CVE-2024-51993

Name of the Vulnerable Software and Affected Versions Combodo iTop versions prior to 3.2.0

Description The issue allows an attacker accessing a backup file or the database to read some passwords for misconfigured users. This is due to the storage of sensitive data in cleartext. The impact of this issue is the exposure of confidential information.

Recommendations For versions prior to 3.2.0, upgrade to version 3.2.0 to address the issue. If an upgrade is not possible, users are advised to encrypt their backups independently of the iTop application. As a temporary workaround, consider sanitizing the parameter to minimize the risk of exploitation.