OTRS S/MIME OpenSSL Cryptographic Entropy Weakness Network Vulnerability

Summary

This host is installed with OTRS (Open Ticket Request System) and is prone to cryptographic entropy weakness.

Impact

Successful exploitation will allow remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations. Impact Level: Application

Solution

Upgrade to OTRS (Open Ticket Request System) version 2.2.5, or 2.3.0-beta1 or later, For updates refer to http://www.otrs.com/en/

Insight

An error exists in S/MIME feature which does not properly configure the RANDFILE environment variable for OpenSSL

Affected

OTRS (Open Ticket Request System) version before 2.2.5, and 2.3.x before 2.3.0-beta1

Detection

Get the installed version of OTRS with the help of detect NVT and check the version is vulnerable or not.

References

http://osvdb.org/74261

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-7278

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities
A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
123 Flash Chat Multiple Security Vulnerabilities

Take action and discover your vulnerabilities