CVE-2009-2945

Source
https://cve.org/CVERecord?id=CVE-2009-2945
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2009-2945.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2009-2945
Published
2009-09-15T22:30:00Z
Modified
2026-04-10T03:40:54.279733Z
Summary
[none]
Details

weblogin/login.fcgi (aka the WebLogin login script) in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
