CVE-2011-1007 - Credentials Management vulnerability in Bestpractical RT
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN

Summary
Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout.
Nessus

| Field | Value |
| --- | --- |
| NASL family | CGI abuses |
| NASL id | RT_389.NASL |
| description | According to its self-reported version number, the Best Practical Solutions Request Tracker (RT) running on the remote web server is a version prior to 3.8.9. It is, therefore, potentially affected by the following vulnerabilities: - If an individual with a valid account logs out of Request Tracker but does not close the browser, an attacker with access to that browser can use the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 52455 |
| published | 2011-02-25 |
| reporter | This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/52455 |
| title | Request Tracker 3.x < 3.8.9 Security Bypass and Information Disclosure |
References
- http://openwall.com/lists/oss-security/2011/02/24/8
- http://issues.bestpractical.com/Ticket/Display.html?id=15804
- http://openwall.com/lists/oss-security/2011/02/22/6
- http://openwall.com/lists/oss-security/2011/02/23/22
- http://openwall.com/lists/oss-security/2011/02/24/9
- http://lists.bestpractical.com/pipermail/rt-announce/2011-February/000186.html
- http://www.vupen.com/english/advisories/2011/0475
- http://openwall.com/lists/oss-security/2011/02/24/7
- https://github.com/bestpractical/rt/commit/917c211820590950f7eb0521f7f43b31aeed44c4
- http://openwall.com/lists/oss-security/2011/02/22/12
- http://secunia.com/advisories/43438
- http://openwall.com/lists/oss-security/2011/02/22/16
- https://github.com/bestpractical/rt/commit/057552287159e801535e59b8fbd5bd98d1322069
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614575
- http://osvdb.org/71012
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65771
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E