PT-2020-11928 · Zammad · Zammad

Published 2020-03-05 · Updated 2020-03-05

CVE-2020-10104

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Zammad versions 3.0 through 3.2

Description

An issue was discovered in Zammad where, after authentication, it transmits sensitive information to the user that may be compromised and used by an attacker to gain unauthorized access. Specifically, hashed passwords are returned to the user when visiting a certain URL.

Recommendations

For Zammad versions 3.0 through 3.2, as a temporary workaround, consider restricting access to the URL that returns hashed passwords to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2020-10104

Affected Products

Zammad