Bugzilla Image URL Password Disclosure

2004-02-24T00:00:00
ID OSVDB:7782
Type osvdb
Reporter OSVDB
Modified 2004-02-24T00:00:00

Description

Vulnerability Description

Bugzilla contains a flaw that may lead to unauthorized password exposure. When a user is prompted to authenticate while attempting to view a chart, the user's login ID and password are stored in the Web server logs, resulting in a loss of confidentiality.

Solution Description

Upgrade to version 2.16.6, 2.18rc1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
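
Upgrading does not remove passwords already written to existing logs. The following is an added example, not part of the OSVDB record or of Bugzilla's code: it audits access-log lines for requests that carry a password in the URL, lists the accounts to reset, and produces a scrubbed copy. It assumes common/combined log format and that the credentials appear as the Bugzilla_login and Bugzilla_password query parameters (Bugzilla's login form field names; the record does not name them). The log lines and the EXAMPLE.cgi path are constructed.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: Bugzilla's login form field names; the record does not name them.
LOGIN_PARAM = "Bugzilla_login"
SECRET_PARAMS = {"Bugzilla_password"}
# Request line of a common/combined log entry: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines; EXAMPLE.cgi is a placeholder path.
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Feb/2004:10:00:00 +0000] "GET /bugzilla/EXAMPLE.cgi?action=plot'
    '&Bugzilla_login=alice%40example.com&Bugzilla_password=hunter2 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [24/Feb/2004:10:00:05 +0000] "GET /bugzilla/EXAMPLE.cgi?action=plot HTTP/1.1" 200 5120',
    '192.0.2.12 - - [24/Feb/2004:10:00:09 +0000] "GET /bugzilla/EXAMPLE.cgi'
    '?Bugzilla_password=s3cret;Bugzilla_login=bob%40example.com HTTP/1.1" 200 5120',
]

def audit_line(line):
    """Return (login, redacted_line) if the request URL carries a password, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # Perl's CGI.pm accepts ';' as well as '&' between parameters, so split on both.
    pairs = parse_qsl(parts.query.replace(";", "&"), keep_blank_values=True)
    if not any(k in SECRET_PARAMS for k, _ in pairs):
        return None
    login = next((v for k, v in pairs if k == LOGIN_PARAM), None)
    cleaned = [(k, "REDACTED" if k in SECRET_PARAMS else v) for k, v in pairs]
    target = urlunsplit(parts._replace(query=urlencode(cleaned)))
    return login, line[:m.start("target")] + target + line[m.end("target"):]

def audit(lines):
    """Return (sorted accounts needing a password reset, scrubbed copy of the log)."""
    exposed, scrubbed = set(), []
    for line in lines:
        hit = audit_line(line)
        if hit:
            exposed.add(hit[0] or "(login not in URL)")
        scrubbed.append(hit[1] if hit else line)
    return sorted(exposed), scrubbed

if __name__ == "__main__":
    accounts, _ = audit(SAMPLE_LOG)
    print("reset passwords for:", accounts)
```

Rotated and archived copies of the log need the same treatment as the live file.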

References:

Vendor URL: http://www.bugzilla.org/
Vendor Specific Advisory URL
Secunia Advisory ID: 12057
Related OSVDB ID: 7780
Related OSVDB ID: 7781
Related OSVDB ID: 7783
Related OSVDB ID: 7784
Related OSVDB ID: 7786
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-07/0103.html
ISS X-Force ID: 16669
CVE-2004-0706
Bugtraq ID: 10698