CVE-2009-2945

Metadata

CVE-2009-2945
4.3
webauth.stanford.edu
2009-09-15
2017-06-06 20:20

Description

weblogin/login.fcgi (aka the WebLogin login script) in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.

Related Vulnerabilities

platform vulnerability
CVE-2009-2945 webauth
CVE-2009-2945