PT-2020-13086 · Testlink · Testlink

Published: 2020-04-27 · Updated: 2021-07-21 · CVE-2020-12273

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: TestLink version 1.9.20

Description: A crafted viewer parameter in the login.php endpoint exposes cleartext credentials.

Recommendations: For TestLink version 1.9.20, avoid using the viewer parameter in the login.php endpoint until the issue is resolved.

Exploit

Fix

Missing Encryption of Sensitive Data

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

CVE-2020-12273

Affected Products

Testlink