Uploaded image for project: 'JOE - JobScheduler Object Editor'
  1. JOE - JobScheduler Object Editor
  2. JOE-290

Password Obfuscation Vulnerability (CVE-2020-12712)

    XMLWordPrintable

    Details

    • Type: Fix
    • Status: Released (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.12, 1.13.2, 1.13.3
    • Fix Version/s: 1.12.13, 1.13.4
    • Labels:
      None
    • CVE-ID:
      CVE-2020-12712

      Description

      • JOE can be configured to store passwords and passphrases on the computer where JOE is executed.
      • Such data are obfuscated with a symmetric key. The vulnerability is about the fact that obfuscation is not secure and that the symmetric key can be guessed.
      • See also https://en.wikipedia.org/wiki/Obfuscation_(software)

        Attachments

          Issue Links

          is related to

          Fix - JOE-291 Some password are not handled correctly by JOE

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Released

          Fix - JOE-294 JOE does not decrypt an encrypted password

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Released

            Activity

              People

              • Assignee:
                ur Uwe Risse
                Reporter:
                ap Andreas Püschel
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: