Bugzilla contains a flaw that may lead to an unauthorized password exposure. When a user is prompted to authenticate when attempting to view a chart, the user's login ID and password are stored in the Web server logs, resulting in a loss of confidentiality.
Remote / Network Access
Loss of Confidentiality
Upgrade to version 2.16.6, 2.18rc1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.