Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:25
Type | Values Removed | Values Added |
---|---|---|
References | () http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614575 - Patch | |
References | () http://issues.bestpractical.com/Ticket/Display.html?id=15804 - | |
References | () http://lists.bestpractical.com/pipermail/rt-announce/2011-February/000186.html - Patch | |
References | () http://openwall.com/lists/oss-security/2011/02/22/12 - Patch | |
References | () http://openwall.com/lists/oss-security/2011/02/22/16 - Patch | |
References | () http://openwall.com/lists/oss-security/2011/02/22/6 - Patch | |
References | () http://openwall.com/lists/oss-security/2011/02/23/22 - | |
References | () http://openwall.com/lists/oss-security/2011/02/24/7 - | |
References | () http://openwall.com/lists/oss-security/2011/02/24/8 - | |
References | () http://openwall.com/lists/oss-security/2011/02/24/9 - | |
References | () http://osvdb.org/71012 - | |
References | () http://secunia.com/advisories/43438 - Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2011/0475 - Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/65771 - | |
References | () https://github.com/bestpractical/rt/commit/057552287159e801535e59b8fbd5bd98d1322069 - Patch | |
References | () https://github.com/bestpractical/rt/commit/917c211820590950f7eb0521f7f43b31aeed44c4 - Patch | |
References | () https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E - |
07 Nov 2023, 02:06
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2011-02-28 16:00
Updated : 2024-11-21 01:25
NVD link : CVE-2011-1007
Mitre link : CVE-2011-1007
CVE.ORG link : CVE-2011-1007
JSON object : View
Products Affected
bestpractical
- rt
CWE
CWE-255
Credentials Management Errors