CVE-2017-5619

Published: Mar 13, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attackers can login with the hashed password itself (e.g., from the DB) instead of the valid password string.

Affected (5)

Products: Zammad: Zammad

Zammad

1 product

Zammad

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Zammad Zammad	Up to 1.0.3
Zammad Zammad	Version 1.1.0
Zammad Zammad	Version 1.1.1
Zammad Zammad	Version 1.1.2
Zammad Zammad	Version 1.2.0

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

http://www.securityfocus.com/bid/96937

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://zammad.com/de/news/security-advisory-zaa-2017-01

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/96937

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://zammad.com/de/news/security-advisory-zaa-2017-01

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.