CVE-2022-32741
Information disclosure in Request New Password feature
Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Productos afectados
OTRS AG · OTRS¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →