CVE-2009-5100
Pentaho BI Server < 1.7.0.1062 - Password Exposure via Autocomplete
Title source: llmDescription
Pentaho BI Server 1.7.0.1062 and earlier does not set the autocomplete tag to off on web pages using a password field, which might allow physically proximate attackers to obtain the password.
References (3)
Core 3
Core References
Exploit x_refsource_confirm
http://jira.pentaho.com/browse/BISERVER-2698?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
Exploit x_refsource_misc
http://antisnatchor.com/2009/06/20/pentaho-1701062-multiple-vulnerabilities/
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/507168/100/0/threaded
Scores
EPSS
0.0041
EPSS Percentile
32.9%
Details
CWE
CWE-200
Status
published
Products (3)
pentaho/bi_server
1.2.0
pentaho/bi_server
1.6.0
pentaho/bi_server
< 1.7.0.1062
Published
Sep 13, 2011
Tracked Since
Feb 18, 2026