Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner’s password via a brute-force attack on the embedded password hash.
CPE | Name | Operator | Version |
---|---|---|---|
soplanning | le | 1.32 |