In GLPI after version 0.83.3 and before version 9.4.6, CSRF tokens are generated using an insecure algorithm. The implementation uses rand, uniqid and MD5, which do not provide secure values. This is fixed in version 9.4.6.
History
07 Nov 2023, 03:14
Type | Values Removed | Values Added |
---|---|---|
References | | |
Information
Published : 2020-05-05 22:15
Updated : 2024-02-28 17:47
NVD link : CVE-2020-11035
Mitre link : CVE-2020-11035
CVE.ORG link : CVE-2020-11035
Products Affected
fedoraproject
- fedora
glpi-project
- glpi
CWE
CWE-327
Use of a Broken or Risky Cryptographic Algorithm