CVE-2023-6254: Password is send back to client
First published: Mon Nov 27 2023(Updated: )
A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response- This issue affects OTRS: from 8.0.X through 8.0.37.
Credit: security@otrs.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Otrs Otrs | >=8.0.1<=8.0.37 |
Remedy
Update to OTRS Patch 2023.1.1
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-6254.
What is the severity of CVE-2023-6254?
The severity of CVE-2023-6254 is high (8.1).
Which software versions are affected by CVE-2023-6254?
CVE-2023-6254 affects OTRS versions 8.0.X through 8.0.37.
What is the impact of CVE-2023-6254?
CVE-2023-6254 allows the reading of plain text passwords, which are sent back to the client in the server response.
How can I fix CVE-2023-6254?
To fix CVE-2023-6254, update OTRS to version 8.0.38 or later.
- collector/nvd-api
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/author
- agent/references
- agent/title
- agent/severity
- agent/remedy
- agent/weakness
- agent/tags
- agent/description
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- vendor/otrs
- canonical/otrs otrs
- version/otrs otrs/8.0.1
- version/otrs otrs/8.0.37