CVE-2020-29550

An issue was discovered in URVE Build 24.03.2020. The password of an integration user account (used for the connection of the MS Office 365 Integration Service) is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext: Profiles/urve/files/sql_db.backup, Server/data/pg_wal/000000010000000A000000DD, Server/data/base/16384/18617, and Server/data/base/17202/8708746. This causes the password to be displayed as cleartext in the HTML code as roomsreservationimport_password in /urve/roomsreservationimport/roomsreservationimport/update-HTML5.

An issue was discovered in URVE Build 24.03.2020. The password of an integration user account (used for the connection of the MS Office 365 Integration Service) is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext: Profiles/urve/files/sql_db.backup, Server/data/pg_wal/000000010000000A000000DD, Server/data/base/16384/18617, and Server/data/base/17202/8708746. This causes the password to be displayed as cleartext in the HTML code as roomsreservationimport_password in /urve/roomsreservationimport/roomsreservationimport/update-HTML5.

Se detectó un problema en URVE Build 24.03.2020. La contraseña de una cuenta de usuario de integración (usada para la conexión del servicio de integración de MS Office 365) es almacenada en texto sin cifrar en los archivos de configuración, así como en la base de datos. Los siguientes archivos contienen la contraseña en texto sin cifrar: Profiles/urve/files/sql_db.backup, Server/data/pg_wal/000000010000000A000000DD, Server/data/base/16384/18617 y Server/data/base/17202/8708746. Esto causa que la contraseña sea mostrada como texto sin cifrar en el código HTML como roomsreservationimport_password en /urve/roomsreservationimport/roomsreservationimport/update-HTML5