This Metasploit module exploits a flaw in the password reset mechanism in BMC TrackIt! 11.3 and possibly prior versions. If the password reset service is configured to use a domain administrator (which is the recommended configuration), then domain credentials can be reset (such as domain Administrator).
a7ccb5a05659f5e2d5a8a2656da3df1b76d134f385ed2af2ebd215f40f8e2be3