Main Vulnerability Database SB2011031810

SB2011031810 - Cryptographic issues in OTRS

Published: March 18, 2011 Updated: August 11, 2020

Security Bulletin ID SB2011031810

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Cryptographic issues (CVE-ID: CVE-2010-4758)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen.

Remediation

Install update from vendor's website.

References

http://bugs.otrs.org/show_bug.cgi?id=6302
http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807