CVE-2020-1778: Improper Authentication in AG Otrs

Severity: 4.3 MEDIUM (NVD), 4.1 (CNA)
EPSS: 0.2% (top 53.77%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 23
Latest update: May 24

Description

When OTRS uses multiple backends for user authentication (with LDAP), agents are able to log in even if the account is set to invalid. This issue affects OTRS 8.0.9 and prior versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

NVD: otrs/otrs 8.0.9
CVEListV5: otrs_ag/otrs 8.0.x 8.0.9

🔴 Vulnerability Details (3)

GHSA
GHSA-vwfv-p8p3-m4r7: When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid (2022-05-24)
OSV
CVE-2020-1778: When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid (2020-11-23)
CVEList
Bypassing user account validation (2020-11-23)

📋 Vendor Advisories (1)

Debian
CVE-2020-1778: otrs2 - When OTRS uses multiple backends for user authentication (with LDAP), agents are... (2020)