PT-2020-15049 · Otrs+2 · Otrs+3

Fabian Henneke · Published 2020-03-27 · Updated 2023-08-31 · CVE-2020-1772

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

OTRS Community Edition versions prior to 5.0.41
OTRS Community Edition versions prior to 6.0.26
OTRS versions prior to 7.0.15

Description

It is possible to craft Lost Password requests with wildcards in the Token value, allowing an attacker to retrieve valid tokens generated by users who have already requested new passwords.

Recommendations

For OTRS Community Edition versions prior to 5.0.41, update to a version later than 5.0.41.
For OTRS Community Edition versions prior to 6.0.26, update to a version later than 6.0.26.
For OTRS versions prior to 7.0.15, update to a version later than 7.0.15.

Fix

Improper Neutralization of Wildcards

Weakness Enumeration

Related Identifiers

ALT-PU-2020-2649
ALT-PU-2020-2748
CVE-2020-1772
DLA-2198-1
DLA-3551-1
OPENSUSE-SU-2020:0551-1
OPENSUSE-SU-2020:1475-1
OPENSUSE-SU-2020:1509-1
OPENSUSE-SU-2020_0551-1
OPENSUSE-SU-2020_1475-1

Affected Products

Alt Linux
Otrs
Otrs Community Edition
Suse