CVE-2008-7278

Name of the Vulnerable Software and Affected Versions Open Ticket Request System (OTRS) versions prior to 2.2.5 Open Ticket Request System (OTRS) versions 2.3.x prior to 2.3.0-beta1

Description The issue is related to the S/MIME feature in OTRS, which does not properly configure the RANDFILE environment variable for OpenSSL. This might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, due to the inability to write to the seeding file.

Recommendations For OTRS versions prior to 2.2.5, update to version 2.2.5 or later. For OTRS versions 2.3.x prior to 2.3.0-beta1, update to version 2.3.0-beta1 or later.