First published: Fri Mar 27 2020(Updated: )
In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
Credit: security@otrs.com security@otrs.com
Affected Software | Affected Version | How to fix |
---|---|---|
Otrs Otrs | >=5.0.0<=5.0.41 | |
Otrs Otrs | >=6.0.0<=6.0.26 | |
Otrs Otrs | >=7.0.0<=7.0.15 | |
openSUSE Backports SLE | =15.0 | |
openSUSE Backports SLE | =15.0-sp1 | |
openSUSE Backports SLE | =15.0-sp2 | |
openSUSE Leap | =15.1 | |
openSUSE Leap | =15.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-1769 is a vulnerability in ((OTRS)) Community Edition and OTRS versions 7.0.15 and prior versions that allows for autocomplete in Username and Password fields in the login screens, which could be considered a security issue.
CVE-2020-1769 affects ((OTRS)) Community Edition versions 5.0.41 and prior, 6.0.26 and prior, as well as OTRS versions 7.0.15 and prior.
CVE-2020-1769 has a severity rating of 4.3, which is considered medium.
CVE-2020-1769 allows autocomplete in Username and Password fields on the login screens, which can pose a security risk.
Upgrading ((OTRS)) Community Edition to version 5.0.42, 6.0.27, or later, or upgrading OTRS to version 7.0.16 or later, resolves the vulnerability.