CVE-2017-5361

Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:bestpractical:request_tracker:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.9:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.10:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.11:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.12:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.13:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.14:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.15:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.16:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.17:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.18:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.19:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.20:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.21:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.22:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.23:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.24:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.2.4:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.2.5:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.2.6:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.2.7:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.2.8:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.2.9:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.2.10:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.2.11:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.2.12:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.2.13:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.4.0:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.4.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-07-03 16:29

Updated : 2024-02-04 19:29


NVD link : CVE-2017-5361

Mitre link : CVE-2017-5361

CVE.ORG link : CVE-2017-5361


JSON object : View

Products Affected

bestpractical

  • request_tracker