CVE-2011-4677
One Click Orgs < 1.2.3 - Unauthenticated Credential Theft via Autocomplete
Title source: llmDescription
One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
References (2)
Core 2
Core References
Mailing List mailing-list
x_refsource_mlist
https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en&dmode=source&output=gplain
Various Sources x_refsource_misc
http://dmcdonald.net/?page_id=43
Scores
EPSS
0.0138
EPSS Percentile
68.7%
Details
CWE
CWE-287
Status
published
Products (7)
oneclickorgs/one_click_orgs
1.0.0
oneclickorgs/one_click_orgs
1.0.1
oneclickorgs/one_click_orgs
1.1.0
oneclickorgs/one_click_orgs
1.1.1
oneclickorgs/one_click_orgs
1.2.0
oneclickorgs/one_click_orgs
1.2.1
oneclickorgs/one_click_orgs
< 1.2.2
Published
Dec 06, 2011
Tracked Since
Feb 18, 2026