VYPR
Unrated severityNVD Advisory· Published Sep 23, 2020· Updated Aug 4, 2024

Insecure encryption algorithm in GLPI

CVE-2020-11031

Description

In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used, if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption library. The library chosen is sodium.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Glpi Project/Glpillm-fuzzy2 versions
    <9.5.0+ 1 more
    • (no CPE)range: <9.5.0
    • (no CPE)range: < 9.5.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.