CVE-2011-2720

EPSS 2.9%

The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request.

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063408.html http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063679.html https://bugzilla.redhat.com/show_bug.cgi?id=726185 http://secunia.com/advisories/45366 http://secunia.com/advisories/45542 https://forge.indepnet.net/issues/3017 https://forge.indepnet.net/projects/glpi/repository/revisions/14951 https://forge.indepnet.net/projects/glpi/repository/revisions/14952 https://forge.indepnet.net/projects/glpi/repository/revisions/14954 https://forge.indepnet.net/projects/glpi/repository/revisions/14955 https://forge.indepnet.net/projects/glpi/repository/revisions/14956 https://forge.indepnet.net/projects/glpi/repository/revisions/14957