Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This issue affects: * OTRS from 7.0.X through 7.0.50 * OTRS 8.0.X * OTRS 2023.X * OTRS from 2024.X through 2024.5.X * ((OTRS)) Community Edition: 6.0.x Products based on the ((OTRS)) Community Edition also very likely to be affected
History

Mon, 26 Aug 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Otrs
Otrs otrs
CPEs cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*
Vendors & Products Otrs
Otrs otrs
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 26 Aug 2024 09:00:00 +0000

Type Values Removed Values Added
Description Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This issue affects: * OTRS from 7.0.X through 7.0.50 * OTRS 8.0.X * OTRS 2023.X * OTRS from 2024.X through 2024.5.X * ((OTRS)) Community Edition: 6.0.x Products based on the ((OTRS)) Community Edition also very likely to be affected
Title Passwords are written to Admin Log Module
Weaknesses CWE-532
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: OTRS

Published: 2024-08-26T08:42:58.796Z

Updated: 2024-08-29T07:36:13.555Z

Reserved: 2024-08-13T13:38:47.973Z

Link: CVE-2024-43444

cve-icon Vulnrichment

Updated: 2024-08-26T14:01:42.067Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-08-26T09:15:04.760

Modified: 2024-08-26T12:47:20.187

Link: CVE-2024-43444

cve-icon Redhat

No data.