CVE-2017-5361

NONE EPSS 68.5%
Published Jul 3, 2017 (9y ago) · Modified Jun 17, 2026 (2w ago)

Description

Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack.

Threat Intelligence

EPSS Exploit Probability
68.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Affected Products 41

Vendor         Product          Version  Range
bestpractical  request_tracker  4.0.0    any
bestpractical  request_tracker  4.0.1    any
bestpractical  request_tracker  4.0.2    any
bestpractical  request_tracker  4.0.3    any
bestpractical  request_tracker  4.0.4    any
bestpractical  request_tracker  4.0.5    any
bestpractical  request_tracker  4.0.6    any
bestpractical  request_tracker  4.0.7    any
bestpractical  request_tracker  4.0.8    any
bestpractical  request_tracker  4.0.9    any
bestpractical  request_tracker  4.0.10   any
bestpractical  request_tracker  4.0.11   any
bestpractical  request_tracker  4.0.12   any
bestpractical  request_tracker  4.0.13   any
bestpractical  request_tracker  4.0.14   any
bestpractical  request_tracker  4.0.15   any
bestpractical  request_tracker  4.0.16   any
bestpractical  request_tracker  4.0.17   any
bestpractical  request_tracker  4.0.18   any
bestpractical  request_tracker  4.0.19   any
bestpractical  request_tracker  4.0.20   any
bestpractical  request_tracker  4.0.21   any
bestpractical  request_tracker  4.0.22   any
bestpractical  request_tracker  4.0.23   any
bestpractical  request_tracker  4.0.24   any
bestpractical  request_tracker  4.2.0    any
bestpractical  request_tracker  4.2.1    any
bestpractical  request_tracker  4.2.2    any
bestpractical  request_tracker  4.2.3    any
bestpractical  request_tracker  4.2.4    any
bestpractical  request_tracker  4.2.5    any
bestpractical  request_tracker  4.2.6    any
bestpractical  request_tracker  4.2.7    any
bestpractical  request_tracker  4.2.8    any
bestpractical  request_tracker  4.2.9    any
bestpractical  request_tracker  4.2.10   any
bestpractical  request_tracker  4.2.11   any
bestpractical  request_tracker  4.2.12   any
bestpractical  request_tracker  4.2.13   any
bestpractical  request_tracker  4.4.0    any
bestpractical  request_tracker  4.4.1    any

References 3

  • debian.org http://www.debian.org/security/2017/dsa-3882
    Third Party Advisory
  • debian.org http://www.debian.org/security/2017/dsa-3883
    Third Party Advisory
  • forum.bestpractical.com https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.