PT-2007-2856 · Conga · Conga

Published: 2007-03-15 · Updated: 2023-02-13 · CVE-2007-1462

CVSS v2.0: 4.3 Medium

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

conga (affected versions not specified)

Description

The issue concerns the luci server component in conga, where the password is preserved between page loads for the Add System/Cluster task flow. This is done by storing the password in the Value attribute of a password entry field. As a result, attackers may be able to steal the password by performing actions like viewing the source of the web page or other similar operations. It's noted that the feasibility of such an attack is limited to specific circumstances.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
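
A check for the condition the description names, as an added example that is not part of this advisory or of conga/luci: it parses rendered HTML and reports password inputs whose value attribute is non-empty. The form markup, field names, host name and action URL are constructed for illustration.

```python
from html.parser import HTMLParser


class _PasswordFieldAudit(HTMLParser):
    """Collects <input type="password"> elements that carry a non-empty value."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        # Tag and attribute names arrive lowercased; a bare attribute has value None.
        a = {k: (v or "") for k, v in attrs}
        if a.get("type", "").strip().lower() != "password":
            return
        if a.get("value", ""):
            line, _ = self.getpos()
            # Report only the length so the audit output does not repeat the secret.
            self.findings.append(
                {"name": a.get("name", ""), "line": line, "value_len": len(a["value"])}
            )


def find_prefilled_password_fields(html_text):
    """Return one finding per password input rendered with a non-empty value."""
    audit = _PasswordFieldAudit()
    audit.feed(html_text)
    audit.close()
    return audit.findings


# Constructed sample: form re-rendered with the submitted password echoed back.
ECHOED_PAGE = """<form method="post" action="/add-system">
<input type="text" name="hostname" value="node1.example.com">
<input type="PASSWORD" name="root_pw" value="s3cret-constructed">
<input type="submit" value="Next">
</form>"""

# Constructed sample: same form with the password field left empty on re-render.
CLEAN_PAGE = """<form method="post" action="/add-system">
<input type="text" name="hostname" value="node1.example.com">
<input type="password" name="root_pw" value="" autocomplete="off">
<input type="submit" value="Next">
</form>"""

if __name__ == "__main__":
    print(find_prefilled_password_fields(ECHOED_PAGE))
    print(find_prefilled_password_fields(CLEAN_PAGE))
```

Run against responses captured from each step of a multi-page form flow, an empty result means no password field was re-rendered with its previous value.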

Related Identifiers

CVE-2007-1462

Affected Products

Conga