PT-2020-12503 · Glpi+1

Trasher · Published 2020-05-05 · Updated 2021-10-26 · CVE-2020-11035

CVSS v3.1: 7.5 High

Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

GLPI versions 0.83.3 through 9.4.5

Description

CSRF tokens are generated with an insecure algorithm built on rand, uniqid, and MD5, which does not provide secure values. The problem is fixed in version 9.4.6.

Recommendations

For GLPI versions 0.83.3 through 9.4.5, update to version 9.4.6 to resolve the issue.

Fix

Use of a Broken Cryptographic Algorithm

Weakness Enumeration

Related Identifiers

ALT-PU-2020-2358
ALT-PU-2020-2455
CVE-2020-11035
GHSA-W7Q8-58QP-VMPF
MGASA-2020-0220

Affected Products

Alt Linux
Glpi