CVE-2008-7278
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
18/03/2011
Last modified:
11/04/2025
Description
The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:* | 2.2.4 (including) | |
| cpe:2.3:a:otrs:otrs:0.5:beta1:*:*:*:*:*:* | ||
| cpe:2.3:a:otrs:otrs:0.5:beta2:*:*:*:*:*:* | ||
| cpe:2.3:a:otrs:otrs:0.5:beta3:*:*:*:*:*:* | ||
| cpe:2.3:a:otrs:otrs:0.5:beta4:*:*:*:*:*:* | ||
| cpe:2.3:a:otrs:otrs:0.5:beta5:*:*:*:*:*:* | ||
| cpe:2.3:a:otrs:otrs:0.5:beta6:*:*:*:*:*:* | ||
| cpe:2.3:a:otrs:otrs:0.5:beta7:*:*:*:*:*:* | ||
| cpe:2.3:a:otrs:otrs:0.5:beta8:*:*:*:*:*:* | ||
| cpe:2.3:a:otrs:otrs:1.0:rc1:*:*:*:*:*:* | ||
| cpe:2.3:a:otrs:otrs:1.0:rc2:*:*:*:*:*:* | ||
| cpe:2.3:a:otrs:otrs:1.0:rc3:*:*:*:*:*:* | ||
| cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:otrs:otrs:1.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:otrs:otrs:1.0.2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page