CVE-2022-32741

Summary

Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time.

Affected Software

VendorProductVersion RangeStatus
OTRS AGOTRS7.0.x <= 7.0.34affected
OTRS AGOTRS8.0.x <= 8.0.22affected

Weaknesses

  • CWE-200: CWE-200 Information Exposure

ADP Enrichment

CVE Program Container

Additional References

References