It was found that GLPI, the Information Resource-Manager with an additional Administration-Interface, did not properly blacklist certain sensitive variables (like GLPI username and password). A remote attacker could use this flaw to obtain access to plaintext form of these values via specially-crafted HTTP POST request.
Created glpi tracking bugs for this issue
Affects: fedora-all [bug 726186]
Affects: epel-5 [bug 726187]
Affects: epel-6 [bug 726188]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.