QwikSec

Security Database

CVE

CWE

Training

CVE-2017-5361

Published: Jul 3, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_DEBIAN

https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.