An issue exists in Zammad prior to 1.0.4, 1.1.x prior to 1.1.3, and 1.2.x prior to 1.2.1. Attackers can login with the hashed password itself (e.g., from the DB) instead of the valid password string.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zammad zammad 1.1.1 |
||
zammad zammad 1.1.2 |
||
zammad zammad 1.2.0 |
||
zammad zammad |
||
zammad zammad 1.1.0 |