CVE-2020-1772

Summary

It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.

Affected Software

VendorProductVersion RangeStatus
OTRS AG((OTRS)) Community Edition5.0.x <= 5.0.41affected
OTRS AG((OTRS)) Community Edition6.0.x <= 6.0.26affected
OTRS AGOTRS7.0.x <= 7.0.15affected

Weaknesses

  • CWE-155: CWE-155

ADP Enrichment

CVE Program Container

Additional References

References