CVE-2024-43444

Name of the Vulnerable Software and Affected Versions OTRS versions 7.0.X through 7.0.50 OTRS version 8.0.X OTRS version 2023.X OTRS versions 2024.X through 2024.5.X OTRS Community Edition version 6.0.x

Description The issue is related to the OTRS admin log module, where passwords of agents and customers are displayed in plain text if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This allows a remote attacker to disclose protected information.

Recommendations For OTRS versions 7.0.X through 7.0.50, consider disabling the debugging for the authentication backend to prevent passwords from being displayed in plain text. For OTRS version 8.0.X, restrict access to the admin log module until a fix is available. For OTRS version 2023.X, avoid using the authentication sources that match the vulnerable configurations. For OTRS versions 2024.X through 2024.5.X, disable the admin log module temporarily to minimize the risk of exploitation. For OTRS Community Edition version 6.0.x, consider applying configuration changes to prevent the disclosure of protected information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.