PT-2023-32579 · Otrs · Otrs

Matthias Püschel

Publicado

2023-11-27

Atualizado

2023-12-01

CVE-2023-6254

CVSS v3.1

8.1

Alta

Vetor

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions OTRS versions 8.0.X through 8.0.37

Description A vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords, which are sent back to the client in the server response.

Recommendations For OTRS versions 8.0.X through 8.0.37, update to a version that includes the fix for this issue to prevent the reading of plain text passwords. As a temporary workaround, consider restricting access to the AgentInterface and ExternalInterface until a patch is available.

Correção

Insufficiently Protected Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-522

Identificadores relacionados

CVE-2023-6254

Produtos afetados

Otrs

PT-2023-32579 · Otrs · Otrs

CVE-2023-6254

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8