CVE-2021-36095: User enumeration issue using "lost password" feature
First published: Mon Sep 06 2021(Updated: )
Malicious attacker is able to find out valid user logins by using the "lost password" feature. This issue affects: OTRS AG ((OTRS)) Community Edition version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions.
Credit: security@otrs.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Otrs Otrs | >=6.0.1 | |
| Otrs Otrs | >=7.0.0<7.0.29 |
Remedy
Update to OTRS 7.0.29.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-36095.
How does the vulnerability allow malicious attackers to find valid user logins?
The vulnerability allows malicious attackers to find valid user logins by exploiting the 'lost password' feature.
Which versions of OTRS Community Edition are affected?
OTRS Community Edition versions 6.0.1 and later versions are affected.
Which versions of OTRS 7.x are affected?
OTRS 7.0.x versions prior to 7.0.28 are affected.
What is the severity rating of this vulnerability?
The severity rating of this vulnerability is medium, with a CVSS score of 5.3.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/references
- agent/weakness
- agent/title
- agent/author
- agent/tags
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- vendor/otrs
- canonical/otrs otrs
- version/otrs otrs/6.0.1
- version/otrs otrs/7.0.0