Account Enumeration Vulnerability in Zammad before 3.4.1

Account Enumeration Vulnerability in Zammad before 3.4.1

CVE-2020-26034 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

An account-enumeration issue was discovered in Zammad before 3.4.1. The Create User functionality is implemented in a way that would enable an anonymous user to guess valid user email addresses. The application responds differently depending on whether the input supplied was recognized as associated with a valid user.

Learn more about our User Device Pen Test.