CVE-2020-1772
27.03.2020, 13:15
It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.Enginsight
| Vendor | Product | Version |
|---|---|---|
| otrs | otrs | 5.0.0 ≤ 𝑥 ≤ 5.0.41 |
| otrs | otrs | 6.0.0 ≤ 𝑥 ≤ 6.0.26 |
| otrs | otrs | 7.0.0 ≤ 𝑥 ≤ 7.0.15 |
| opensuse | backports_sle | 15.0 |
| opensuse | backports_sle | 15.0:sp1 |
| opensuse | backports_sle | 15.0:sp2 |
| opensuse | leap | 15.1 |
| opensuse | leap | 15.2 |
| debian | debian_linux | 8.0 |
𝑥
= Vulnerable software versions
Ubuntu Releases
References