A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response- This issue affects OTRS: from 8.0.X through 8.0.37.
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Otrs | Otrs | 8.0.1 (including) | 8.0.37 (including) |
| Otrs2 | Ubuntu | bionic | * |
| Otrs2 | Ubuntu | trusty | * |
| Otrs2 | Ubuntu | xenial | * |
| Znuny | Ubuntu | bionic | * |
| Znuny | Ubuntu | lunar | * |
| Znuny | Ubuntu | mantic | * |
| Znuny | Ubuntu | trusty | * |
| Znuny | Ubuntu | xenial | * |