CVE-2001-1404

Description

Bugzilla before 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow attackers to gain privileges.

Affected products

• Mozilla / Bugzilla2.4 – 2.4
• Mozilla / Bugzilla2.6 – 2.6
• Mozilla / Bugzilla2.8 – 2.8
• Mozilla / Bugzilla2.10 – 2.10
• Mozilla / Bugzilla2.12 – 2.12
• Mozilla / Bugzilla2.14 – 2.14

References

• MAILING_LISThttp://marc.info/?l=bugtraq&m=99912899900567
• MISChttp://www.redhat.com/support/errata/RHSA-2001-107.html
• MISChttp://bugzilla.mozilla.org/show_bug.cgi?id=74032