1168029 – (CVE-2020-1772) VUL-0: CVE-2020-1772: otrs: Lost Password requests with wildcard values could allow attacker to retrieve valid Token

Bug 1168029 (CVE-2020-1772) - VUL-0: CVE-2020-1772: otrs: Lost Password requests with wildcard values could allow attacker to retrieve valid Token

Summary: VUL-0: CVE-2020-1772: otrs: Lost Password requests with wildcard values could...

Status:	RESOLVED FIXED

Alias:	CVE-2020-1772

Product:	openSUSE Distribution
Classification:	openSUSE
Component:	Basesystem (show other bugs)
Version:	Leap 15.2
Hardware:	Other Other

Priority:	P3 - Medium Severity: Minor (vote)
Target Milestone:	---
Assignee:	Christian Wittmer
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/256040/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2020-03-30 07:33 UTC by Alexander Bergmann
Modified:	2020-09-23 13:21 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Bergmann 2020-03-30 07:33:50 UTC

CVE-2020-1772

It's possible to craft Lost Password requests with wildcards in the Token value,
which allows attacker to retrieve valid Token(s), generated by users which
already requested new passwords. This issue affects: ((OTRS)) Community Edition
5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior
versions.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1772
https://otrs.com/release-notes/otrs-security-advisory-2020-09/

Comment 1 Christian Wittmer 2020-04-07 22:10:36 UTC

ongoing work ...

Comment 2 Swamp Workflow Management 2020-04-08 12:40:46 UTC

This is an autogenerated message for OBS integration:
This bug (1168029) was mentioned in
https://build.opensuse.org/request/show/792434 15.1+Backports:SLE-15+Backports:SLE-15-SP1 / otrs

Comment 3 Swamp Workflow Management 2020-04-09 10:20:38 UTC

This is an autogenerated message for OBS integration:
This bug (1168029) was mentioned in
https://build.opensuse.org/request/show/792677 15.1+Backports:SLE-15+Backports:SLE-15-SP1 / otrs
https://build.opensuse.org/request/show/792678 15.1+Backports:SLE-15+Backports:SLE-15-SP1 / otrs

Comment 4 Swamp Workflow Management 2020-04-22 12:40:40 UTC

This is an autogenerated message for OBS integration:
This bug (1168029) was mentioned in
https://build.opensuse.org/request/show/796277 15.1 / otrs

Comment 5 Swamp Workflow Management 2020-04-25 19:14:53 UTC

openSUSE-SU-2020:0551-1: An update that fixes 18 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1122560,1137614,1137615,1139406,1141430,1141431,1141432,1156431,1157001,1160663,1168029,1168030,1168031,1168032
CVE References: CVE-2019-10067,CVE-2019-12248,CVE-2019-12497,CVE-2019-12746,CVE-2019-13457,CVE-2019-13458,CVE-2019-16375,CVE-2019-18179,CVE-2019-18180,CVE-2019-9752,CVE-2019-9892,CVE-2020-1765,CVE-2020-1766,CVE-2020-1769,CVE-2020-1770,CVE-2020-1771,CVE-2020-1772,CVE-2020-1773
Sources used:
openSUSE Leap 15.1 (src):    otrs-5.0.42-lp151.2.3.1
openSUSE Backports SLE-15-SP1 (src):    otrs-5.0.42-bp151.3.3.1
openSUSE Backports SLE-15 (src):    otrs-5.0.42-bp150.2.10.1

Comment 6 Christian Wittmer 2020-05-04 08:37:55 UTC

can we close this ?

Comment 7 Alexandros Toptsoglou 2020-05-04 08:40:04 UTC

Done

Comment 8 Swamp Workflow Management 2020-09-20 04:22:53 UTC

openSUSE-SU-2020:1475-1: An update that fixes 18 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1122560,1137614,1137615,1139406,1141430,1141431,1141432,1156431,1157001,1160663,1168029,1168030,1168031,1168032
CVE References: CVE-2019-10067,CVE-2019-12248,CVE-2019-12497,CVE-2019-12746,CVE-2019-13457,CVE-2019-13458,CVE-2019-16375,CVE-2019-18179,CVE-2019-18180,CVE-2019-9752,CVE-2019-9892,CVE-2020-1765,CVE-2020-1766,CVE-2020-1769,CVE-2020-1770,CVE-2020-1771,CVE-2020-1772,CVE-2020-1773
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    otrs-6.0.29-lp152.2.3.4
openSUSE Leap 15.1 (src):    otrs-6.0.29-lp151.2.6.2
openSUSE Backports SLE-15-SP2 (src):    otrs-6.0.29-bp152.2.5.4
openSUSE Backports SLE-15-SP1 (src):    otrs-6.0.29-bp151.3.6.2

Comment 9 Swamp Workflow Management 2020-09-23 13:21:44 UTC

openSUSE-SU-2020:1509-1: An update that fixes 18 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1122560,1137614,1137615,1139406,1141430,1141431,1141432,1156431,1157001,1160663,1168029,1168030,1168031,1168032
CVE References: CVE-2019-10067,CVE-2019-12248,CVE-2019-12497,CVE-2019-12746,CVE-2019-13457,CVE-2019-13458,CVE-2019-16375,CVE-2019-18179,CVE-2019-18180,CVE-2019-9752,CVE-2019-9892,CVE-2020-1765,CVE-2020-1766,CVE-2020-1769,CVE-2020-1770,CVE-2020-1771,CVE-2020-1772,CVE-2020-1773
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP2 (src):    otrs-6.0.29-bp152.2.8.1