OTRS ticket system: Attackers can view unencrypted passwords

The developers of the Open Ticket Request System have closed several security gaps.


Admins who supervise helpdesks with the Open Ticket Request System (OTRS) should install the latest versions of the ticket system software for security reasons.

In the OTRS Security Center, the developers list three security vulnerabilities that have now been closed. The most dangerous is a password vulnerability (CVE-2024-4344, "high"). Under certain conditions, such as when debugging for the authentication backend is active, attackers can view customers' plain text passwords in the OTRS admin log module, among other things.

In addition, two persistent XSS attacks are possible (CVE-2024-43442, "medium"; CVE-2024-43443, "medium"), which target admins. However, attackers must already have admin rights for this.

The developers state that they have resolved the security issues in OTRS versions 2024.6.x and 7.0.51.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.