CVE-2009-3166

Name of the Vulnerable Software and Affected Versions: Bugzilla versions 3.4rc1 through 3.4.1

Description: The issue allows context-dependent attackers to discover passwords by reading web-server access logs, web-server Referer logs, or the browser history. This occurs when the token.cgi script places a password in a URL at the beginning of a login session that happens immediately after a password reset.

Recommendations: For Bugzilla versions 3.4rc1 through 3.4.1, consider updating to a version where this issue is resolved to prevent password exposure through log files or browser history.