A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response- This issue affects OTRS: from 8.0.X through 8.0.37.
Weakness
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Otrs | Otrs | 8.0.1 (including) | 8.0.37 (including) |
| Otrs2 | Ubuntu | bionic | * |
| Otrs2 | Ubuntu | focal | * |
| Otrs2 | Ubuntu | trusty | * |
| Otrs2 | Ubuntu | xenial | * |
| Znuny | Ubuntu | bionic | * |
| Znuny | Ubuntu | lunar | * |
| Znuny | Ubuntu | mantic | * |
| Znuny | Ubuntu | oracular | * |
| Znuny | Ubuntu | plucky | * |
| Znuny | Ubuntu | trusty | * |
| Znuny | Ubuntu | xenial | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/102.html
- https://cwe.mitre.org/data/definitions/474.html
- https://cwe.mitre.org/data/definitions/50.html
- https://cwe.mitre.org/data/definitions/509.html
- https://cwe.mitre.org/data/definitions/551.html
- https://cwe.mitre.org/data/definitions/555.html
- https://cwe.mitre.org/data/definitions/560.html
- https://cwe.mitre.org/data/definitions/561.html
- https://cwe.mitre.org/data/definitions/600.html
- https://cwe.mitre.org/data/definitions/644.html
- https://cwe.mitre.org/data/definitions/645.html
- https://cwe.mitre.org/data/definitions/652.html
- https://cwe.mitre.org/data/definitions/653.html