CVE-2020-1778 MEDIUM

CVE-2020-1778: Bypassing user account validation

Vendor OTRS AG
Product OTRS
Weakness CWE-287 · Improper authentication
Published November 23, 2020
Last update September 16, 2024

CVSS base score

4.1/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01 Description

When OTRS uses multiple backends for user authentication (with LDAP), agents are able to log in even if the account is set to invalid. This issue affects OTRS 8.0.9 and prior versions.

Key dates

02 Disclosure timeline

November 23, 2020 CVE published
September 16, 2024 Record updated