A vulnerability has been found and corrected in GLPI: The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request . This advisory provides the latest version of GLPI which are not vulnerable to this issue. Additionally the latest versions of the corresponding plugins are also being provided.