CVE-2009-3166
published 2009-09-15CVE-2009-3166: token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL at the beginning of a login session that occurs immediately after a password reset, which…
medium5CVSS 3.1
AVNACLAuNCPINAN
token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL at the beginning of a login session that occurs immediately after a password reset, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | bugzilla | — | — |
| mozilla | bugzilla | — | — |