Plain Text Passwords Displayed in OTRS Admin Log Module
CVE-2024-43444

8.2 HIGH

Key Information:

Vendor

OTRS AG

CVE Published:
26 August 2024

What is CVE-2024-43444?

The OTRS admin log module contains a significant security flaw: agent and customer passwords can be exposed in plain text in the log. The exposure occurs when specific authentication-source configurations are set and debugging is enabled for the authentication backend, so that credentials passed to the backend are written into the log visible in the admin log module. Affected versions are OTRS 7.0.X through 7.0.50, OTRS 8.0.X, OTRS 2023.X, and OTRS 2024.X through 2024.5.X. Products based on the ((OTRS)) Community Edition are also likely susceptible, raising significant concerns regarding data security and user confidentiality.

Affected Version(s)

((OTRS)) Community Edition 6.0.x

OTRS 7.0.x <= 7.0.50

References

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved