Cryptographic issues in OTRS - CVE-2010-4758

 


Published: March 18, 2011 / Updated: August 11, 2020


Vulnerability identifier: #VU45208
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2010-4758
CWE-ID: CWE-310
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: otrs.org
Affected software:
OTRS

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen.
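One way to catch this class of defect in templates before release, as an added example that is not OTRS code: a small audit that flags `<input>` elements whose name suggests a secret but whose type leaves the value visible on screen. The field names in the sample markup and the name pattern are constructed assumptions, not taken from installer.pl.

```python
import re
from html.parser import HTMLParser

# Name fragments that suggest a secret value (assumed pattern for this example).
SECRET_NAME = re.compile(r"pass|pwd|secret", re.IGNORECASE)

# Input types that never render a typed value in clear text on screen.
NOT_DISPLAYED = {"password", "hidden", "submit", "button", "reset",
                 "checkbox", "radio", "file", "image"}


class SecretInputAudit(HTMLParser):
    """Collect secret-looking <input> elements that are not masked."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        # A missing or empty type attribute is rendered as a plain text box.
        input_type = a.get("type", "text").strip().lower() or "text"
        label = a.get("name") or a.get("id") or ""
        if input_type not in NOT_DISPLAYED and SECRET_NAME.search(label):
            self.findings.append((self.getpos()[0], label, input_type))


def audit(html):
    """Return (line, field name, effective type) for each unmasked secret field."""
    parser = SecretInputAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample form; field names are hypothetical.
SAMPLE = """\
<form action="installer.pl" method="post">
  <input type="text" name="InboundUser" value="">
  <input type="text" name="InboundPassword" value="">
  <input name="OutboundPassword">
  <input type="password" name="DBPassword">
  <input type="hidden" name="Subaction" value="Finish">
</form>
"""

if __name__ == "__main__":
    for line, name, kind in audit(SAMPLE):
        print(f"line {line}: field '{name}' is type={kind}, expected type=password")
```
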


How to mitigate CVE-2010-4758

Install the update from the vendor's website.
