An issue exists in Zammad 3.0 up to and including 3.2. After authentication, it transmits sensitive information to the user that may be compromised and used by an malicious user to gain unauthorized access. Hashed passwords are returned to the user when visiting a certain URL.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zammad zammad |