PT-2020-12500 · Teclib+1 · Glpi+1

Orthagh

Published

2020-09-23

Updated

2024-05-22

CVE-2020-11031

CVSS v3.1

7.8

High

Vector

AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions GLPI versions prior to 9.5.0

Description The issue is related to an insecure encryption algorithm used in the software. The security of the encrypted data relies on the password used, and if a user sets a weak or predictable password, an attacker could potentially decrypt the data. A more secure encryption library, sodium, is used in the fixed version to address this issue.

Recommendations For versions prior to 9.5.0, update to version 9.5.0 or later, which uses a more secure encryption library to mitigate the risk.

Fix

Use of a Broken Cryptographic Algorithm

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-327

Related Identifiers

ALT-PU-2020-3130

ALT-PU-2020-3162

ALT-PU-2024-8094

CVE-2020-11031

GHSA-7XWM-4VJR-JVQH

Affected Products

Alt Linux

Glpi

PT-2020-12500 · Teclib+1 · Glpi+1

CVE-2020-11031

Weakness Enumeration

Related Identifiers

Affected Products

References · 7