The vulnerability of the GLPI system’s handling of requests and incidents, related to insufficient protection of user credentials, allows a malicious individual to obtain unauthorized access to the root account’s password.
The vulnerability in the GLPI system’s request and incident handling process is related to an error in passing configuration data via JavaScript. In this error, some records are filtered out, but the ldappass variable is not filtered. Exploiting this vulnerability could allow a remote attacker to...