CVE Request -- GLPI -- Properly blacklist some sensitive fields
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 25 Jul 2011 14:52:42 +0200
Hello Josh, Steve, vendors,

it was found that GLPI, the Information Resource-Manager with an
additional Administration-Interface, did not properly blacklist certain
sensitive variables (like GLPI username and password). A remote attacker
could use this flaw to obtain access to the plaintext form of these values
via a specially-crafted HTTP POST request.

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team