PT-2018-10484 · Joomla · Joomla! Core
Sascha Egerer · Published 2018-05-22 · Updated 2019-10-03 · CVE-2018-11325
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Joomla! Core versions prior to 3.8.8
Description
An issue was discovered where the web install application would autofill password fields after a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen.
Recommendations
For versions prior to 3.8.8, update to version 3.8.8 or later to resolve the issue.
Fix
Generation of Error Message Containing Sensitive Information
Affected Products
Joomla! Core