CVE-2011-4677

Oneclickorgs One Click Orgs < 1.2.2 - Authentication Bypass

Title source: rule

Description

One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

References (2)

[Various Sources] http://dmcdonald.net/?page_id=43

[Mailing List] https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en&dmode=source&output=gplain

Scores

EPSS 0.0052

EPSS Percentile 66.4%

Classification

CWE

CWE-287

Status draft

Affected Products (7)

oneclickorgs/one_click_orgs < 1.2.2

oneclickorgs/one_click_orgs

Timeline

Published Dec 06, 2011

Tracked Since Feb 18, 2026