An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen.
References
Link | Resource |
---|---|
https://developer.joomla.org/security-centre/732-20180504-core-installer-leaks-plain-text-password-to-local-user.html | Vendor Advisory |
http://www.securitytracker.com/id/1040966 | Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/104278 | Third Party Advisory VDB Entry |
Configurations
Information
Published : 2018-05-22 08:29
Updated : 2019-10-02 17:03
NVD link : CVE-2018-11325
Mitre link : CVE-2018-11325
JSON object : View
CWE
CWE-209
Generation of Error Message Containing Sensitive Information
Products Affected
joomla
- joomla\!