CVE-2009-5057

Name of the Vulnerable Software and Affected Versions Open Ticket Request System (OTRS) versions prior to 2.3.4

Description The issue is related to the S/MIME feature in OTRS, which does not properly configure the RANDFILE and HOME environment variables for OpenSSL. This might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, due to the inability to write to the seeding file.

Recommendations For versions prior to 2.3.4, update to version 2.3.4 or later to resolve the issue.