CVE-2011-1007
CVE-2011-1007
Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614575http://issues.bestpractical.com/Ticket/Display.html?id=15804http://lists.bestpractical.com/pipermail/rt-announce/2011-February/000186.htmlhttp://openwall.com/lists/oss-security/2011/02/22/12http://openwall.com/lists/oss-security/2011/02/22/16http://openwall.com/lists/oss-security/2011/02/22/6http://openwall.com/lists/oss-security/2011/02/23/22http://openwall.com/lists/oss-security/2011/02/24/7http://openwall.com/lists/oss-security/2011/02/24/8http://openwall.com/lists/oss-security/2011/02/24/9http://osvdb.org/71012http://secunia.com/advisories/43438