CVE-2020-1772

NameCVE-2020-1772
DescriptionIt's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-2198-1, DLA-3551-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
otrs2 (PTS)jessie, jessie (lts)3.3.18-1+deb8u15fixed
stretch/non-free (security), stretch/non-free (lts), stretch/non-free5.0.16-1+deb9u6vulnerable
buster/non-free (security), buster/non-free6.0.16-2+deb10u1fixed
bullseye/non-free6.0.32-6fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
otrs2sourcewheezy(unfixed)end-of-life
otrs2sourcejessie3.3.18-1+deb8u15DLA-2198-1
otrs2sourcebuster6.0.16-2+deb10u1DLA-3551-1
otrs2source(unstable)6.0.27-1

Notes

[stretch] - otrs2 <ignored> (Non-free not supported)
https://otrs.com/release-notes/otrs-security-advisory-2020-09/
Fixed in 7.0.16, 6.0.27, 5.0.42
OTRS6: https://github.com/OTRS/otrs/commit/c0255365d5c455272b2b9e7bb1f6c96c3fce441b
OTRS5: https://github.com/OTRS/otrs/commit/2628464f659c39fafbc32147d569553eb07d41d7

Search for package or bug name: Reporting problems