Main Vulnerability Database SB2020070756

SB2020070756 - Use of a broken or risky cryptographic algorithm in GLPI

Published: July 7, 2020 Updated: May 4, 2026

Security Bulletin ID SB2020070756

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2020-11031)

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to a weak encryption algorithm in the encryption mechanism when protecting stored data with user-supplied passwords. A remote attacker can use a weak or predictable password to decrypt protected data and disclose sensitive information.

The security of encrypted data depends on the strength of the password chosen by the user.

Remediation

Install update from vendor's website.

References

https://github.com/glpi-project/glpi/security/advisories/GHSA-7xwm-4vjr-jvqh