Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled.
This issue affects:
* OTRS from 7.0.X through 7.0.50
* OTRS 8.0.X
* OTRS 2023.X
* OTRS from 2024.X through 2024.5.X
* ((OTRS)) Community Edition: 6.0.x
Products based on the ((OTRS)) Community Edition also very likely to be affected
Metrics
Affected Vendors & Products
References
History
Mon, 26 Aug 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Otrs
Otrs otrs |
|
CPEs | cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:* cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:* |
|
Vendors & Products |
Otrs
Otrs otrs |
|
Metrics |
ssvc
|
Mon, 26 Aug 2024 09:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This issue affects: * OTRS from 7.0.X through 7.0.50 * OTRS 8.0.X * OTRS 2023.X * OTRS from 2024.X through 2024.5.X * ((OTRS)) Community Edition: 6.0.x Products based on the ((OTRS)) Community Edition also very likely to be affected | |
Title | Passwords are written to Admin Log Module | |
Weaknesses | CWE-532 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: OTRS
Published: 2024-08-26T08:42:58.796Z
Updated: 2024-08-29T07:36:13.555Z
Reserved: 2024-08-13T13:38:47.973Z
Link: CVE-2024-43444
Vulnrichment
Updated: 2024-08-26T14:01:42.067Z
NVD
Status : Awaiting Analysis
Published: 2024-08-26T09:15:04.760
Modified: 2024-08-26T12:47:20.187
Link: CVE-2024-43444
Redhat
No data.