CVE-2011-1007
Published: Feb 28, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614575
x_refsource_CONFIRM
http://issues.bestpractical.com/Ticket/Display.html?id=15804
x_refsource_CONFIRM
43438
third-party-advisory
x_refsource_SECUNIA
[rt-announce] 20110216 RT 3.8.9 Released
mailing-list
x_refsource_MLIST
rt-login-information-disclosure(65771)
vdb-entry
x_refsource_XF
ADV-2011-0475
vdb-entry
x_refsource_VUPEN
71012
vdb-entry
x_refsource_OSVDB
[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar
mailing-list
x_refsource_MLIST