SSL Certificates are not checked for E-Mail Handling
CVE-2023-5422

9.1CRITICAL

Key Information:

Vendor: OTRS AG
Status: OTRS; ((OTRS)) Community Edition
Vendor: CVE Published:; 16 October 2023

What is CVE-2023-5422?

A vulnerability in OTRS and (OTRS) Community Edition allows for insecure email communication due to improper handling of SSL/TLS certificate validation. The affected email functions using OpenSSL for POP3, IMAP, and SMTP do not verify the results of SSL_get_verify_result(). As a result, it leads to a scenario where untrusted or expired certificates may be accepted, enabling potential attackers to impersonate trusted hosts or exploit various security weaknesses. This lack of robust certificate verification creates significant risks to the integrity and confidentiality of email communications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

((OTRS)) Community Edition 6.0.x <= 6.0.34

OTRS 7.0.x

OTRS 7.0.x < 7.0.47

References

https://otrs.com/release-notes/otrs-security-advisory-202...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 16, 2023
Vulnerability Reserved
Oct 5, 2023

Credit

Special thanks to Matthias Terlinde for reporting these vulnerability.

JSON

OTRS AG

What is CVE-2023-5422?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.