[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2011-1007

Date: (C)2011-02-28   (M)2017-08-18 


Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout.

CVSS Score: 2.1Access Vector: LOCAL
Exploit Score: 3.9Access Complexity: LOW
Impact Score: 2.9Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: NONE
 Availability: NONE





Reference:
SECUNIA-43438
OSVDB-71012
ADV-2011-0475
http://openwall.com/lists/oss-security/2011/02/22/6
http://openwall.com/lists/oss-security/2011/02/22/16
http://openwall.com/lists/oss-security/2011/02/23/22
http://openwall.com/lists/oss-security/2011/02/24/9
http://lists.bestpractical.com/pipermail/rt-announce/2011-February/000186.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614575
http://issues.bestpractical.com/Ticket/Display.html?id=15804
https://github.com/bestpractical/rt/commit/057552287159e801535e59b8fbd5bd98d1322069
https://github.com/bestpractical/rt/commit/917c211820590950f7eb0521f7f43b31aeed44c4
rt-login-information-disclosure(65771)

CPE    76
cpe:/a:bestpractical:rt:1.0.6
cpe:/a:bestpractical:rt:1.0.7
cpe:/a:bestpractical:rt:1.0.4
cpe:/a:bestpractical:rt:1.0.5
...
CWE    1
CWE-255

© 2013 SecPod Technologies