English
Français
Light
Dark
System

Alert System

Stay informed at all times
Create an account Open a free account Login Manage your alerts

Stanford webauth 3.6.1

CPE Details

Stanford webauth 3.6.1
stanford
webauth
3.6.1
2019-12-11 18:07 +00:00
2019-12-11 18:07 +00:00
CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.
Alert management

CPE Name: cpe:2.3:a:stanford:webauth:3.6.1:*:*:*:*:*:*:*

Informations

Vendor

stanford

Product

webauth

Version

3.6.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2009-2945 2022-10-03 14:24 +00:00 weblogin/login.fcgi (aka the WebLogin login script) in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
4.3
CVE-2013-2106 2019-12-03 12:21 +00:00 webauth before 4.6.1 has authentication credential disclosure
7.5
HIGH

More information
Click on the button to the left (OFF), to authorize the inscription of cookie improving the functionalities of the site. Click on the button to the left (Accept all), to unauthorize the inscription of cookie improving the functionalities of the site.