Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 371491

Summary: www-apps/otrs: Multiple vulnerabilities (CVE-2010-{4758,4759,4760,4761,4762,4763,4764,4765,4766,4767,4768},CVE-2011-{0456,1433,1518})
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: trivial CC: web-apps
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~1 [ebuild]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2011-06-13 21:09:49 UTC 
CVE-2010-4758 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4758):
  installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an
  Inbound Mail Password field that uses the text type, instead of the password
  type, for its INPUT element, which makes it easier for physically proximate
  attackers to obtain the password by reading the workstation screen.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2011-06-13 21:13:30 UTC 
Sorry for the dupes.