CVE-2007-1462

The luci server component in conga preserves the password between page loads for the Add System/Cluster task flow by storing the password in the Value attribute of a password entry field, which allows attackers to steal the password by performing a "view source" or other operation to obtain the w...

PT-2007-2856 · Conga · Conga

Name of the Vulnerable Software and Affected Versions: conga affected versions not specified Description: The issue concerns the luci server component in conga, where the password is preserved between page loads for the Add System/Cluster task flow. This is done by storing the password in the Val...