CVE-2018-11325
CVSS Score: 9.8 (Critical)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen.
CVSS Vector Details
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
Affected Software Configurations
- cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*
Weaknesses (CWE)
- CWE-209
References & External Links
- http://www.securityfocus.com/bid/104278
- http://www.securitytracker.com/id/1040966
- https://developer.joomla.org/security-centre/732-20180504-core-installer-leaks-plain-text-password-to-local-user.html
CVE History Timeline
- May 25, 2018 01:29: CVE Modified
- May 27, 2018 01:29: CVE Modified
- Jun 22, 2018 16:15: Initial Analysis
- Oct 03, 2019 00:03: CWE Remap
- May 14, 2024 04:55: CVE Modified
- Nov 21, 2024 03:43: CVE Modified