Plain Text Passwords Displayed in OTRS Admin Log Module
CVE-2024-43444
What is CVE-2024-43444?
The OTRS admin log module contains a significant security flaw where passwords for both agents and customers can be exposed in plain text. This vulnerability arises when specific configurations related to authentication sources are set and debugging for the authentication backend is enabled. The affected versions of OTRS span from 7.0.X through 7.0.50, as well as OTRS 8.0.X, OTRS 2023.X, and OTRS from 2024.X through 2024.5.X. Additionally, products based on the ((OTRS)) Community Edition are also likely susceptible to this issue, raising significant concerns regarding data security and user confidentiality.

Affected Version(s)
((OTRS)) Community Edition 6.0.x
OTRS 7.0.x <= 7.0.50
