The luci server component in conga preserves the password between page loads for the Add System/Cluster task flow by storing the password in the Value attribute of a password entry field, which allows attackers to steal the password by performing a "view source" or other operation to obtain the web page. NOTE: there are limited circumstances under which such an attack is feasible.
References
Link | Resource |
---|---|
http://osvdb.org/35086 | |
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228637 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2007-03-15T20:00:00
Updated: 2008-11-15T10:00:00
Reserved: 2007-03-15T00:00:00
Link: CVE-2007-1462
JSON object: View
NVD Information
Status : Modified
Published: 2007-03-15T20:19:00.000
Modified: 2023-11-07T02:00:23.480
Link: CVE-2007-1462
JSON object: View
Redhat Information
No data.
CWE