Message Spoofing Vulnerability in Best Practical Solutions RT Software
CVE-2012-6578
Currently unrated
What is CVE-2012-6578?
This vulnerability in Best Practical Solutions' RT software arises when GnuPG is configured with a 'Sign by default' setting. In such cases, the software mistakenly uses a queue's key for signing messages, creating an opportunity for remote attackers to spoof legitimate messages. This occurs due to insufficient authentication measures, raising significant security concerns for users relying on GnuPG for message signing. Administrators should ensure they are running updated versions of RT to safeguard against potential abuse.