CVE-2017-5619

2017-03-1306:14:00

mitre

www.cve.org

9.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.2%

JSON

An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attackers can login with the hashed password itself (e.g., from the DB) instead of the valid password string.

References

www.securityfocus.com/bid/96937

zammad.com/de/news/security-advisory-zaa-2017-01