A user that can login on iTop is able to takeover any account, only by knowing their username.
Fixed in 3.0.2-1
Many thanks to @Blaklis / Daniel Le Gall for his reports !
If you have any questions or comments about this advisory: Email us at itop-security@combodo.com
Impact
A user that can login on iTop is able to takeover any account, only by knowing their username.
Patches
Fixed in 3.0.2-1
References
Credits
Many thanks to @Blaklis / Daniel Le Gall for his reports !
For more information
If you have any questions or comments about this advisory:
Email us at itop-security@combodo.com