First published: Fri Mar 27 2020
An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users' session IDs, password reset tokens and automatically generated passwords. This issue affects ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
Credit: security@otrs.com
Affected Software | Affected Version | How to fix |
---|---|---|
Otrs Otrs | >=5.0.0<=5.0.41 | |
Otrs Otrs | >=6.0.0<=6.0.26 | |
Otrs Otrs | >=7.0.0<=7.0.15 | |
The vulnerability ID is CVE-2020-1773.
The severity of CVE-2020-1773 is high with a score of 8.1.
CVE-2020-1773 affects ((OTRS)) Community Edition versions 5.0.0 to 5.0.41, versions 6.0.0 to 6.0.26, and versions 7.0.0 to 7.0.15.
CVE-2020-1773 allows an attacker to predict other users' session IDs, password reset tokens, and automatically generated passwords.
You can find more information about CVE-2020-1773 at the following references: [http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html](http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html), [http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html](http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html), [http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html](http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html).