CVE-2011-1433

Sažetak

The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the _UserLogin and _UserPW fields.

Reference

http://bugs.otrs.org/show_bug.cgi?id=6878
http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807
https://exchange.xforce.ibmcloud.com/vulnerabilities/66196

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

17-08-2017 - 01:34

Objavljeno

18-03-2011 - 16:55