CVE-2017-5619

2017-03-1306:59:00

Google

osv.dev

7 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.2%

JSON

An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attackers can login with the hashed password itself (e.g., from the DB) instead of the valid password string.

CPENameOperatorVersion
zammadeq1.0.0
zammadeq1.0.3
zammadeq1.1.0
zammadeq1.0.2
zammadeq1.0.1

Name	Operator	Version
zammad	eq	1.0.0
zammad	eq	1.0.3
zammad	eq	1.1.0
zammad	eq	1.0.2
zammad	eq	1.0.1

References

www.securityfocus.com/bid/96937

zammad.com/de/news/security-advisory-zaa-2017-01