Wildcard Token Vulnerability in ((OTRS)) Community Edition and OTRS

Wildcard Token Vulnerability in ((OTRS)) Community Edition and OTRS

CVE-2020-1772 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.

Learn more about our User Device Pen Test.