CVE-2009-5100

Pentaho BI Server < 1.7.0.1062 - Password Exposure via Autocomplete

Title source: llm
STIX 2.1

Description

Pentaho BI Server 1.7.0.1062 and earlier does not set the autocomplete tag to off on web pages using a password field, which might allow physically proximate attackers to obtain the password.

Scores

EPSS 0.0041
EPSS Percentile 32.9%

Details

CWE
CWE-200
Status published
Products (3)
pentaho/bi_server 1.2.0
pentaho/bi_server 1.6.0
pentaho/bi_server < 1.7.0.1062
Published Sep 13, 2011
Tracked Since Feb 18, 2026