PT-2011-4042 · Indeg · Glpi

Vincent Danen · Published 2011-08-05 · Updated 2012-02-16 · CVE-2011-2720

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

GLPI versions prior to 0.80.2

Description

The autocompletion functionality in GLPI does not properly restrict access to certain username and password fields. This allows remote attackers to obtain sensitive information by sending a crafted POST request.

Recommendations

For versions prior to 0.80.2, update to version 0.80.2 or later to resolve the issue. As a temporary workaround, consider disabling the autocompletion functionality until a patch is available. Restrict access to sensitive fields, such as username and password, to minimize the risk of exploitation.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2011-2720

Affected Products

Glpi