Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Request_tracker | Bestpractical | 4.0.0 (including) | 4.0.0 (including) |
| Request_tracker | Bestpractical | 4.0.1 (including) | 4.0.1 (including) |
| Request_tracker | Bestpractical | 4.0.2 (including) | 4.0.2 (including) |
| Request_tracker | Bestpractical | 4.0.3 (including) | 4.0.3 (including) |
| Request_tracker | Bestpractical | 4.0.4 (including) | 4.0.4 (including) |
| Request_tracker | Bestpractical | 4.0.5 (including) | 4.0.5 (including) |
| Request_tracker | Bestpractical | 4.0.6 (including) | 4.0.6 (including) |
| Request_tracker | Bestpractical | 4.0.7 (including) | 4.0.7 (including) |
| Request_tracker | Bestpractical | 4.0.8 (including) | 4.0.8 (including) |
| Request_tracker | Bestpractical | 4.0.9 (including) | 4.0.9 (including) |
| Request_tracker | Bestpractical | 4.0.10 (including) | 4.0.10 (including) |
| Request_tracker | Bestpractical | 4.0.11 (including) | 4.0.11 (including) |
| Request_tracker | Bestpractical | 4.0.12 (including) | 4.0.12 (including) |
| Request_tracker | Bestpractical | 4.0.13 (including) | 4.0.13 (including) |
| Request_tracker | Bestpractical | 4.0.14 (including) | 4.0.14 (including) |
| Request_tracker | Bestpractical | 4.0.15 (including) | 4.0.15 (including) |
| Request_tracker | Bestpractical | 4.0.16 (including) | 4.0.16 (including) |
| Request_tracker | Bestpractical | 4.0.17 (including) | 4.0.17 (including) |
| Request_tracker | Bestpractical | 4.0.18 (including) | 4.0.18 (including) |
| Request_tracker | Bestpractical | 4.0.19 (including) | 4.0.19 (including) |
| Request_tracker | Bestpractical | 4.0.20 (including) | 4.0.20 (including) |
| Request_tracker | Bestpractical | 4.0.21 (including) | 4.0.21 (including) |
| Request_tracker | Bestpractical | 4.0.22 (including) | 4.0.22 (including) |
| Request_tracker | Bestpractical | 4.0.23 (including) | 4.0.23 (including) |
| Request_tracker | Bestpractical | 4.0.24 (including) | 4.0.24 (including) |
| Request_tracker | Bestpractical | 4.2.0 (including) | 4.2.0 (including) |
| Request_tracker | Bestpractical | 4.2.1 (including) | 4.2.1 (including) |
| Request_tracker | Bestpractical | 4.2.2 (including) | 4.2.2 (including) |
| Request_tracker | Bestpractical | 4.2.3 (including) | 4.2.3 (including) |
| Request_tracker | Bestpractical | 4.2.4 (including) | 4.2.4 (including) |
| Request_tracker | Bestpractical | 4.2.5 (including) | 4.2.5 (including) |
| Request_tracker | Bestpractical | 4.2.6 (including) | 4.2.6 (including) |
| Request_tracker | Bestpractical | 4.2.7 (including) | 4.2.7 (including) |
| Request_tracker | Bestpractical | 4.2.8 (including) | 4.2.8 (including) |
| Request_tracker | Bestpractical | 4.2.9 (including) | 4.2.9 (including) |
| Request_tracker | Bestpractical | 4.2.10 (including) | 4.2.10 (including) |
| Request_tracker | Bestpractical | 4.2.11 (including) | 4.2.11 (including) |
| Request_tracker | Bestpractical | 4.2.12 (including) | 4.2.12 (including) |
| Request_tracker | Bestpractical | 4.2.13 (including) | 4.2.13 (including) |
| Request_tracker | Bestpractical | 4.4.0 (including) | 4.4.0 (including) |
| Request_tracker | Bestpractical | 4.4.1 (including) | 4.4.1 (including) |
| Request-tracker4 | Ubuntu | esm-apps/xenial | * |
| Request-tracker4 | Ubuntu | trusty | * |
| Request-tracker4 | Ubuntu | upstream | * |
| Request-tracker4 | Ubuntu | xenial | * |
| Request-tracker4 | Ubuntu | yakkety | * |
| Request-tracker4 | Ubuntu | zesty | * |
| Rt-authen-externalauth | Ubuntu | trusty | * |
| Rt-authen-externalauth | Ubuntu | upstream | * |
| Rt-authen-externalauth | Ubuntu | xenial | * |
| Rt-authen-externalauth | Ubuntu | yakkety | * |