CVE-2020-11031

Summary

In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used, if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption library. The library chosen is sodium.

Affected Software

VendorProductVersion RangeStatus
glpi-projectGLPI< 9.5.0affected

Weaknesses

  • CWE-327: CWE-327: Use of a Broken or Risky Cryptographic Algorithm

ADP Enrichment

CVE Program Container

Additional References

References