|Main Archive Page > Month Archives > oss-security archives|
Hello Josh, Steve, vendors,
it was found that GLPI, the Information Resource-Manager with an
additional Administration-Interface, did not properly blacklist certain
sensitive variables (like GLPI username and password). A remote attacker
could use this flaw to obtain access to plaintext form of these values
via specially-crafted HTTP POST request.
Could you allocate a CVE id for this?
Thank you && Regards, Jan.
-- Jan iankko Lieskovsky / Red Hat Security Response Team