Open Ticket Request System (OTRS) Information Disclosure Vulnerability Network Vulnerability

Summary

This host is running Open Ticket Request System (OTRS) and is prone to information disclosure vulnerability.

Impact

Successful exploitation will allow attackers to obtain sensitive information by reading the _UserLogin and _UserPW fields. Impact Level: Application

Solution

Upgarde to Open Ticket Request System (OTRS) version 3.0.6 or later For updates refer to http://otrs.org/download/

Insight

The flaw is due to the error in 'AgentInterface' and 'CustomerInterface' components, which place cleartext credentials into the session data in the database.

Affected

Open Ticket Request System (OTRS) version prior to 3.0.6

Detection

Get the installed version of OTRS with the help of detect NVT and check the version is vulnerable or not.

References

http://bugs.otrs.org/show_bug.cgi?id=6878
http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1433

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities
Apache Tomcat TroubleShooter Servlet Installed
AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
Apache Struts2/XWork Remote Command Execution Vulnerability
Apple Safari Multiple Vulnerabilities

Take action and discover your vulnerabilities