PT-2006-6147 · Cerberus · Cerberus Helpdesk

Published: 2006-10-20 · Updated: 2017-07-20 · CVE-2006-5428

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions
Cerberus Helpdesk version 3.2.1

Description
The issue allows remote attackers to bypass the GUI login and obtain sensitive information, specifically ticket data, by sending a direct request for a display get requesters operation. This is possible because the rpc.php file in Cerberus Helpdesk does not verify a client's privileges for this operation.

Recommendations
For Cerberus Helpdesk version 3.2.1, consider restricting access to the rpc.php file or the display get requesters operation until a patch is available. As a temporary workaround, limit the exposure of sensitive information by implementing additional authentication mechanisms for direct requests.

Related identifiers

CVE-2006-5428

Affected products

Cerberus Helpdesk