Request Tracker Password Information Disclosure Vulnerability Network Vulnerability

Summary

Request Tracker is prone to an information-disclosure vulnerability because it fails to securely store passwords. Successful attacks can allow a local attacker to gain access to the stored passwords. Request Tracker 3.6.x and 3.8.x are affected other versions may also be vulnerable.

Solution

Updates are available. Please see the references for details.

References

http://www.bestpractical.com/rt/
https://www.securityfocus.com/bid/45959

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0009

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

AlienForm CGI script
Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
Apache Tomcat TroubleShooter Servlet Installed
appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability

Take action and discover your vulnerabilities