2 matches found
CVE-2001-1403
This CVE (CVE-2001-1403) affects Bugzilla prior to version 2.14, where username and password were included in URLs. The underlying issue is credentials exposed in URLs, which could enable attackers to gain privileges by reading web server access logs or by shoulder-surfing and observing the brows...
CVE-2001-1403
Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar...