CVE-2020-1778: Bypassing user account validation
First published: Mon Nov 23 2020(Updated: )
When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions.
Credit: security@otrs.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Otrs Otrs | <=8.0.9 |
Remedy
Upgrade to OTRS 8.0.10
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2020-1778.
What is the title of the vulnerability?
The title of the vulnerability is 'When OTRS uses multiple backends for user authentication (with LDAP) agents are able to login even if the account is set to invalid.'
What is the severity of CVE-2020-1778?
The severity of CVE-2020-1778 is medium with a severity value of 4.3.
Which versions of OTRS are affected by CVE-2020-1778?
CVE-2020-1778 affects OTRS versions 8.0.9 and prior.
How can I fix the vulnerability CVE-2020-1778?
To fix the vulnerability CVE-2020-1778, update your OTRS installation to a version that is not affected by the vulnerability.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/remedy
- agent/references
- agent/title
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- vendor/otrs
- canonical/otrs otrs
- version/otrs otrs/8.0.9