Use of a broken or risky cryptographic algorithm in GLPI - CVE-2020-11031

 


Published: July 7, 2020 / Updated: May 4, 2026


Vulnerability identifier: #VU129533
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-11031
CWE-ID: CWE-327
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: GLPI
Software vendor: glpi-project

Description

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to the use of a weak encryption algorithm in the mechanism that protects stored data with user-supplied passwords. A remote attacker can take advantage of a weak or predictable password to decrypt protected data and disclose sensitive information.

The security of encrypted data depends on the strength of the password chosen by the user.


Remediation

Install the security update from the vendor's website.
