CVE-2022-32741
Information disclosure in Request New Password feature
Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
OTRS AG · OTRSWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →