FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

glpi -- Improve encryption algorithm

Affected packages
glpi < 9.5.0,1

Details

VuXML ID 0309c898-3aed-11eb-af2a-080027dbe4b7
Discovery 2020-03-30
Entry 2020-03-30
Modified 2024-04-25

MITRE Corporation reports:

In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used, if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption library. The library chosen is sodium.

References

CVE Name CVE-2020-11031
URL https://github.com/glpi-project/glpi/commit/f1ae6c8481e5c19a6f1801a5548cada45702e01a#diff-b5d0ee8c97c7abd7e3fa29b9a27d1780
URL https://github.com/glpi-project/glpi/commit/f1ae6c8481e5c19a6f1801a5548cada45702e01a#diff-b5d0ee8c97c7abd7e3fa29b9a27d1780
URL https://github.com/glpi-project/glpi/security/advisories/GHSA-7xwm-4vjr-jvqh