Timing Side-Channel Vulnerability in Request Tracker by Best Practical Solutions
CVE-2017-5361

5.9MEDIUM

Key Information:

Vendor: Bestpractical
Status: Request Tracker
Vendor: CVE Published:; 3 July 2017

🔔 Create Bestpractical Vulnerability Alert

What is CVE-2017-5361?

Request Tracker (RT) versions prior to 4.0.25, 4.2.14, and 4.4.2 exhibit a vulnerability due to the failure to implement a constant-time comparison algorithm. This oversight allows attackers to leverage timing side-channel attacks to potentially extract sensitive user password information remotely, posing a significant security risk for applications that rely on this software.