PT-2020-15055 · Otrs · Otrs
László Gyaraki
·
Published
2020-11-23
·
Updated
2020-12-04
·
CVE-2020-1778
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OTRS versions 8.0.9 and prior
Description
The issue allows agents to login even if their account is set to invalid when OTRS uses multiple backends for user authentication with LDAP.
Recommendations
For versions 8.0.9 and prior, update to a version that contains a fix for this issue to prevent agents from logging in with invalid accounts.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Otrs