CVE-2011-1690 | Vulnerability Database | Aqua Security

Best Practical Solutions RT 3.6.0 through 3.6.10 and 3.8.0 through 3.8.8 allows remote attackers to trick users into sending credentials to an arbitrary server via unspecified vectors.

Affected Software

Name	Vendor	Start Version	End Version
Rt	Bestpractical	3.6.0 (including)	3.6.0 (including)
Rt	Bestpractical	3.6.1 (including)	3.6.1 (including)
Rt	Bestpractical	3.6.2 (including)	3.6.2 (including)
Rt	Bestpractical	3.6.3 (including)	3.6.3 (including)
Rt	Bestpractical	3.6.4 (including)	3.6.4 (including)
Rt	Bestpractical	3.6.5 (including)	3.6.5 (including)
Rt	Bestpractical	3.6.6 (including)	3.6.6 (including)
Rt	Bestpractical	3.6.7 (including)	3.6.7 (including)
Rt	Bestpractical	3.6.8 (including)	3.6.8 (including)
Rt	Bestpractical	3.6.9 (including)	3.6.9 (including)
Rt	Bestpractical	3.6.10 (including)	3.6.10 (including)

References

http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html
http://secunia.com/advisories/44189
http://www.debian.org/security/2011/dsa-2220
http://www.securityfocus.com/bid/47383
http://www.vupen.com/english/advisories/2011/1071
https://bugzilla.redhat.com/show_bug.cgi?id=696795
https://exchange.xforce.ibmcloud.com/vulnerabilities/66794

NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-1690
CWE	https://cwe.mitre.org/data/definitions/255.html