Описание
token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL at the beginning of a login session that occurs immediately after a password reset, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | not-affected | |
| devel | not-affected | 3.2.4.0-3ubuntu1 |
| hardy | not-affected | |
| intrepid | not-affected | |
| jaunty | not-affected | |
| upstream | pending | 3.4.2 |
Показывать по
Ссылки на источники
EPSS
5 Medium
CVSS2
Связанные уязвимости
token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL at the beginning of a login session that occurs immediately after a password reset, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL ...
token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL at the beginning of a login session that occurs immediately after a password reset, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
EPSS
5 Medium
CVSS2