1168032 – (CVE-2020-1769) VUL-0: CVE-2020-1769: otrs: Username and Password fields use autocomplete

Bug 1168032 (CVE-2020-1769) - VUL-0: CVE-2020-1769: otrs: Username and Password fields use autocomplete

Summary: VUL-0: CVE-2020-1769: otrs: Username and Password fields use autocomplete

Status:	RESOLVED FIXED

Alias:	CVE-2020-1769

Product:	openSUSE Distribution
Classification:	openSUSE
Component:	Basesystem (show other bugs)
Version:	Leap 15.2
Hardware:	Other Other

Priority:	P3 - Medium Severity: Minor (vote)
Target Milestone:	---
Assignee:	Christian Wittmer
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/256037/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2020-03-30 07:34 UTC by Alexander Bergmann
Modified:	2020-09-23 13:22 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Bergmann 2020-03-30 07:34:09 UTC

CVE-2020-1769

In the login screens (in agent and customer interface), Username and Password
fields use autocomplete, which might be considered as security issue. This issue
affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior
versions. OTRS: 7.0.15 and prior versions.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1769
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1769.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1769
https://otrs.com/release-notes/otrs-security-advisory-2020-06/

Comment 1 Christian Wittmer 2020-04-07 22:08:48 UTC

ongoing work ...

Comment 2 Swamp Workflow Management 2020-04-08 12:40:56 UTC

This is an autogenerated message for OBS integration:
This bug (1168032) was mentioned in
https://build.opensuse.org/request/show/792434 15.1+Backports:SLE-15+Backports:SLE-15-SP1 / otrs

Comment 3 Swamp Workflow Management 2020-04-09 10:20:47 UTC

This is an autogenerated message for OBS integration:
This bug (1168032) was mentioned in
https://build.opensuse.org/request/show/792677 15.1+Backports:SLE-15+Backports:SLE-15-SP1 / otrs
https://build.opensuse.org/request/show/792678 15.1+Backports:SLE-15+Backports:SLE-15-SP1 / otrs

Comment 4 Swamp Workflow Management 2020-04-22 12:40:50 UTC

This is an autogenerated message for OBS integration:
This bug (1168032) was mentioned in
https://build.opensuse.org/request/show/796277 15.1 / otrs

Comment 5 Swamp Workflow Management 2020-04-25 19:15:13 UTC

openSUSE-SU-2020:0551-1: An update that fixes 18 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1122560,1137614,1137615,1139406,1141430,1141431,1141432,1156431,1157001,1160663,1168029,1168030,1168031,1168032
CVE References: CVE-2019-10067,CVE-2019-12248,CVE-2019-12497,CVE-2019-12746,CVE-2019-13457,CVE-2019-13458,CVE-2019-16375,CVE-2019-18179,CVE-2019-18180,CVE-2019-9752,CVE-2019-9892,CVE-2020-1765,CVE-2020-1766,CVE-2020-1769,CVE-2020-1770,CVE-2020-1771,CVE-2020-1772,CVE-2020-1773
Sources used:
openSUSE Leap 15.1 (src):    otrs-5.0.42-lp151.2.3.1
openSUSE Backports SLE-15-SP1 (src):    otrs-5.0.42-bp151.3.3.1
openSUSE Backports SLE-15 (src):    otrs-5.0.42-bp150.2.10.1

Comment 6 Christian Wittmer 2020-05-04 08:36:53 UTC

can we close this ?

Comment 7 Alexandros Toptsoglou 2020-05-04 08:39:06 UTC

Done

Comment 8 Swamp Workflow Management 2020-09-20 04:23:10 UTC

openSUSE-SU-2020:1475-1: An update that fixes 18 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1122560,1137614,1137615,1139406,1141430,1141431,1141432,1156431,1157001,1160663,1168029,1168030,1168031,1168032
CVE References: CVE-2019-10067,CVE-2019-12248,CVE-2019-12497,CVE-2019-12746,CVE-2019-13457,CVE-2019-13458,CVE-2019-16375,CVE-2019-18179,CVE-2019-18180,CVE-2019-9752,CVE-2019-9892,CVE-2020-1765,CVE-2020-1766,CVE-2020-1769,CVE-2020-1770,CVE-2020-1771,CVE-2020-1772,CVE-2020-1773
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    otrs-6.0.29-lp152.2.3.4
openSUSE Leap 15.1 (src):    otrs-6.0.29-lp151.2.6.2
openSUSE Backports SLE-15-SP2 (src):    otrs-6.0.29-bp152.2.5.4
openSUSE Backports SLE-15-SP1 (src):    otrs-6.0.29-bp151.3.6.2

Comment 9 Swamp Workflow Management 2020-09-23 13:22:03 UTC

openSUSE-SU-2020:1509-1: An update that fixes 18 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1122560,1137614,1137615,1139406,1141430,1141431,1141432,1156431,1157001,1160663,1168029,1168030,1168031,1168032
CVE References: CVE-2019-10067,CVE-2019-12248,CVE-2019-12497,CVE-2019-12746,CVE-2019-13457,CVE-2019-13458,CVE-2019-16375,CVE-2019-18179,CVE-2019-18180,CVE-2019-9752,CVE-2019-9892,CVE-2020-1765,CVE-2020-1766,CVE-2020-1769,CVE-2020-1770,CVE-2020-1771,CVE-2020-1772,CVE-2020-1773
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP2 (src):    otrs-6.0.29-bp152.2.8.1