371497 – www-apps/otrs: Multiple vulnerabilities (CVE-2010-{4758,4759,4760,4761,4762,4763,4764,4765,4766,4767,4768},CVE-2011-{0456,1433,1518})

Bug 371497 - www-apps/otrs: Multiple vulnerabilities (CVE-2010-{4758,4759,4760,4761,4762,4763,4764,4765,4766,4767,4768},CVE-2011-{0456,1433,1518})

Summary: www-apps/otrs: Multiple vulnerabilities (CVE-2010-{4758,4759,4760,4761,4762,4...

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial
Assignee:	Gentoo Security

URL:
Whiteboard:	~1 [ebuild]
Keywords:

Depends on:
Blocks:

Reported:	2011-06-13 21:09 UTC by GLSAMaker/CVETool Bot
Modified:	2011-06-13 21:13 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2011-06-13 21:09:56 UTC

CVE-2010-4758 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4758):
  installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an
  Inbound Mail Password field that uses the text type, instead of the password
  type, for its INPUT element, which makes it easier for physically proximate
  attackers to obtain the password by reading the workstation screen.

Comment 1 Alex Legler (RETIRED) archtester

2011-06-13 21:13:32 UTC

Sorry for the dupes.