CVE-2001-1403 Information

Description

Bugzilla before 2.14 includes the username and password in URLs which could allow attackers to gain privileges by reading the information from the web server logs or by \shoulder-surfing\ and observing the web browser’s location bar.

Reference

http://bugzilla.mozilla.org/show_bug.cgi?id=15980 http://marc.info/?l=bugtraq&m=99912899900567 http://www.redhat.com/support/errata/RHSA-2001-107.html