Re: CVE Request -- GLPI -- Properly blacklist some sensitive fields
From: Josh Bressers <bressers () redhat com>
Date: Tue, 26 Jul 2011 15:57:34 -0400 (EDT)
Please use CVE-2011-2720.
----- Original Message -----
Hello Josh, Steve, vendors,
it was found that GLPI, the Information Resource-Manager with an
additional Administration-Interface, did not properly blacklist
sensitive variables (like GLPI username and password). A remote attacker
could use this flaw to obtain access to plaintext form of these values
via specially-crafted HTTP POST request.
Could you allocate a CVE id for this?
Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team