CVE Vulnerabilities

CVE-2001-1404

Published: Sep 10, 2001 | Modified: Oct 18, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Bugzilla before 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow attackers to gain privileges.

Affected Software

Name Vendor Start Version End Version
Bugzilla Mozilla 2.10 2.10
Bugzilla Mozilla 2.6 2.6
Bugzilla Mozilla 2.4 2.4
Bugzilla Mozilla 2.12 2.12
Bugzilla Mozilla 2.8 2.8
Bugzilla Mozilla 2.14 2.14

References