CVE-2018-1000633

Name of the Vulnerable Software and Affected Versions OMERO.web versions prior to 5.4.7

Description The issue concerns an information exposure through log files in the login form and change password form, potentially revealing a user's password. An attacker can exploit this by reading the web server log, allowing them to log in as the affected user.

Recommendations For versions prior to 5.4.7, update to version 5.4.7 to resolve the issue. As a temporary workaround, consider restricting access to the web server log to minimize the risk of exploitation.