PT-2011-1707 · Otrs · Open Ticket Request System

Published

2011-03-18

Updated

2011-03-22

CVE-2010-4758

CVSS v2.0

1.9

Low

Vector

AV:L/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Open Ticket Request System (OTRS) versions prior to 3.0.3

Description The issue concerns the installer.pl in Open Ticket Request System (OTRS), where the Inbound Mail Password field uses the text type instead of the password type for its INPUT element. This makes it easier for physically proximate attackers to obtain the password by reading the workstation screen.

Recommendations For versions prior to 3.0.3, update to version 3.0.3 or later to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2010-4758

Affected Products

Open Ticket Request System

PT-2011-1707 · Otrs · Open Ticket Request System

CVE-2010-4758

Weakness Enumeration

Related Identifiers

Affected Products

References · 7