CVE-2023-28124

Summary

Improper usage of symmetric encryption in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow users with access to UI Desktop configuration files to decrypt their content.This vulnerability is fixed in Version 0.62.3 and later.

Affected Software

VendorProductVersion RangeStatus
n/aUI Desktop for WindowsFixed on Version 0.62.3 or later.affected

Weaknesses

  • CWE-326: Inadequate Encryption Strength (CWE-326)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References