It's possible to craft Lost Password requests with wildcards in the Token value, which allows malicious user to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
otrs otrs |
||
opensuse leap 15.1 |
||
opensuse backports sle 15.0 |
||
opensuse leap 15.2 |
||
debian debian linux 8.0 |