Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2003-04-02T05:00:00
Updated: 2024-08-08T03:03:49.280Z
Reserved: 2002-07-29T00:00:00
Link: CVE-2002-0810
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2002-08-12T04:00:00.000
Modified: 2008-09-05T20:29:00.660
Link: CVE-2002-0810
Redhat