PT-2020-15050
Fabian Henneke · Published 2020-03-27 · Updated 2023-08-31
CVE-2020-1773
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
OTRS Community Edition versions 5.0.41 and prior
OTRS Community Edition versions 6.0.26 and prior
OTRS versions 7.0.15 and prior
Description
An attacker with the ability to generate session IDs or password reset tokens may be able to predict other users' session IDs, password reset tokens, and automatically generated passwords. An authenticated user can exploit this issue to guess other session IDs, password reset tokens, or automatically generated passwords.
Recommendations
For OTRS Community Edition versions 5.0.41 and prior, update to a version later than 5.0.41.
For OTRS Community Edition versions 6.0.26 and prior, update to a version later than 6.0.26.
For OTRS versions 7.0.15 and prior, update to a version later than 7.0.15.
Affected Products
Alt Linux
Otrs
Otrs Community Edition
Suse