Описание
In Zammad 6.4.x before 6.4.2, there is client-side enforcement of server-side security. When changing their two factor authentication configuration, users need to re-authenticate with their current password first. However, this change was enforced in Zammad only on the front end level, and not when using the API directly.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
EPSS
4.8 Medium
CVSS3
8.8 High
CVSS3
Дефекты
Связанные уязвимости
In Zammad 6.4.x before 6.4.2, there is client-side enforcement of serv ...
In Zammad 6.4.x before 6.4.2, there is client-side enforcement of server-side security. When changing their two factor authentication configuration, users need to re-authenticate with their current password first. However, this change was enforced in Zammad only on the front end level, and not when using the API directly.
EPSS
4.8 Medium
CVSS3
8.8 High
CVSS3