PT-2020-15051 · Otrs+1 · Otrs+2

Matthias Terlinde · Published 2020-04-28 · Updated 2023-08-31 · CVE-2020-1774

CVSS v3.1: 4.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

OTRS Community Edition versions prior to 5.0.42
OTRS Community Edition versions prior to 6.0.27
OTRS versions prior to 7.0.16

Description

The issue arises when a user downloads PGP or S/MIME keys/certificates, and the exported file has the same name for both private and public keys. This can lead to mixing them up and potentially sending the private key to a third party instead of the public key.

Recommendations

For OTRS Community Edition versions prior to 5.0.42, update to a version later than 5.0.42 to resolve the issue.
For OTRS Community Edition versions prior to 6.0.27, update to a version later than 6.0.27 to resolve the issue.
For OTRS versions prior to 7.0.16, update to a version later than 7.0.16 to resolve the issue.
As a temporary workaround, consider renaming the private and public key files to distinct names after export to avoid confusion.
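
The renaming workaround can be scripted by reading the armor label inside each exported file instead of trusting its name. The following is an added example, not code from OTRS or from this advisory; the function names and the `<stem>.<kind><suffix>` naming scheme are assumptions, and the sample strings are constructed placeholders rather than real keys.

```python
import re
from pathlib import Path

# Armor labels as defined in RFC 4880 (OpenPGP) and RFC 7468 (PEM).
ARMOR_LABEL = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")
PUBLIC_LABELS = {"PGP PUBLIC KEY BLOCK", "CERTIFICATE", "PUBLIC KEY", "RSA PUBLIC KEY"}

# Constructed samples: real armor labels, placeholder bodies (not real keys).
SAMPLE_PRIVATE = "-----BEGIN PGP PRIVATE KEY BLOCK-----\n\nplaceholder\n-----END PGP PRIVATE KEY BLOCK-----\n"
SAMPLE_PUBLIC = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nplaceholder\n-----END PGP PUBLIC KEY BLOCK-----\n"
SAMPLE_BUNDLE = ("-----BEGIN CERTIFICATE-----\nplaceholder\n-----END CERTIFICATE-----\n"
                 "-----BEGIN ENCRYPTED PRIVATE KEY-----\nplaceholder\n-----END ENCRYPTED PRIVATE KEY-----\n")


def classify(text: str) -> str:
    """Return 'private', 'public' or 'unknown' for the text of an exported file."""
    labels = ARMOR_LABEL.findall(text)
    # Any private block makes the whole file private, even next to a certificate.
    if any("PRIVATE KEY" in label for label in labels):
        return "private"
    if any(label in PUBLIC_LABELS for label in labels):
        return "public"
    # Binary (DER, PKCS#12) or unrecognized content: do not treat as shareable.
    return "unknown"


def rename_export(path: Path) -> Path:
    """Rename an export to <stem>.<kind><suffix>, e.g. key.asc -> key.private.asc."""
    kind = classify(path.read_text(errors="replace"))
    target = path.with_name(f"{path.stem}.{kind}{path.suffix}")
    if target.exists():
        raise FileExistsError(f"refusing to overwrite {target}")
    path.rename(target)
    if kind != "public":
        target.chmod(0o600)  # keep private or unidentified material owner-only
    return target


def safe_to_share(path: Path) -> bool:
    """True only when the file holds public material and nothing private."""
    return classify(path.read_text(errors="replace")) == "public"
```

Calling `safe_to_share()` on an attachment before it leaves the mailbox catches the mix-up the description warns about even when the file was never renamed.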

Related Identifiers

ALT-PU-2020-2649
ALT-PU-2020-2748
CVE-2020-1774
DLA-2198-1
DLA-3551-1

Affected Products

Alt Linux
Otrs
Otrs Community Edition