Insecure ICAL Calendar Sharing in Soplanning 1.32 and Earlier

Insecure ICAL Calendar Sharing in Soplanning 1.32 and Earlier

CVE-2014-8675 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force attack on the embedded password hash.

Learn more about our Web Application Penetration Testing UK.