Primary

Context

Best Practical Solutions Request Tracker Triple DES Cryptography Vulnerability

Vulnerability

Patched

A vulnerability exists in Best Practical Solutions, LLC's Request Tracker in versions prior to 5.0.8, where the outdated Triple DES (3DES) algorithm is used to encrypt emails with S/MIME. This reliance on 3DES, which is vulnerable to birthday attacks, compromises the confidentiality of the encrypted messages.

Impact

The use of Triple DES for S/MIME encryption is outdated and insecure, allowing for potential birthday attacks that could compromise the confidentiality of encrypted emails.

Remediation

Users can upgrade to Request Tracker version 5.0.8, where this vulnerability has been addressed. Instructions for downloading this version are available in the release notes.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.5

exploitability

6.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.5

exploitability

6.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Best Practical Solutions Request Tracker Triple DES Cryptography Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Best Practical Solutions Request Tracker

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating