
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2020-1772 is a security vulnerability affecting OTRS (Open Ticket Request System): ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions, and OTRS 7.0.15 and prior versions. The vulnerability was discovered in 2020. It allows an attacker to craft Lost Password requests with wildcards in the Token value and thereby retrieve valid tokens generated by users who had already requested new passwords (OTRS Advisory).
The vulnerability has a CVSS v3.1 score of 6.5 (MEDIUM) with the vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N. The vector indicates that the vulnerability is reachable over the network, has high attack complexity, needs no privileges and no user interaction, and leaves scope unchanged, with high confidentiality impact, low integrity impact and no availability impact (OTRS Advisory).
The vulnerability allows an attacker to retrieve valid password reset tokens that were generated by users who had previously requested password resets. This could potentially lead to unauthorized access to user accounts through password reset functionality (OTRS Advisory).
The vulnerability was fixed in OTRS versions 7.0.16, 6.0.27, and 5.0.42. Organizations running affected versions should upgrade to these patched versions. For those unable to upgrade immediately, patches are available for ((OTRS)) Community Edition 6 and 5 through GitHub commits (OTRS Advisory, OpenSUSE).
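For installations that cannot be upgraded immediately, web access logs can be reviewed for Lost Password requests whose Token value contains wildcard characters. The following is an added example, not part of the advisory or of OTRS: the parameter names (Action, Token), the action names, the separators, the alphanumeric token alphabet and the log format are assumptions, and the log lines are constructed.

```python
import re
from urllib.parse import unquote

# Assumptions (not from the advisory): parameter and action names, the
# separators, and a purely alphanumeric token alphabet. Adjust to your install.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
ACTION_RE = re.compile(r"[?&;]Action=(?:Customer)?LostPassword(?=[&;]|$)")
TOKEN_RE = re.compile(r"[?&;]Token=([^&;]*)")
TOKEN_OK = re.compile(r"[A-Za-z0-9]+")
WILDCARDS = set("*%_?")  # glob and SQL LIKE metacharacters

# Constructed sample lines in combined-log style (documentation IP ranges).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Apr/2020:10:00:01 +0000] '
    '"GET /otrs/index.pl?Action=LostPassword;Token=Ab3dE9xYz HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Apr/2020:10:00:05 +0000] '
    '"GET /otrs/index.pl?Action=LostPassword;Token=A* HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Apr/2020:10:00:06 +0000] '
    '"GET /otrs/customer.pl?Action=CustomerLostPassword&Token=%2A HTTP/1.1" 200 512',
    '192.0.2.4 - - [01/Apr/2020:10:00:09 +0000] '
    '"GET /otrs/index.pl?Action=Login HTTP/1.1" 200 100',
]

def flag_wildcard_token_requests(lines):
    """Return one record per Lost Password request whose Token is malformed."""
    hits = []
    for line in lines:
        req = REQUEST_RE.search(line)
        if not req or not ACTION_RE.search(req.group(1)):
            continue
        tok = TOKEN_RE.search(req.group(1))
        if not tok:
            continue
        # Decode once so %2A and a literal * are treated the same.
        token = unquote(tok.group(1))
        if token and not TOKEN_OK.fullmatch(token):
            hits.append({
                "client": line.split()[0],
                "token": token,
                "wildcards": sorted(set(token) & WILDCARDS),
            })
    return hits

if __name__ == "__main__":
    for hit in flag_wildcard_token_requests(SAMPLE_LOG):
        print(hit)
```

Access logs normally record only the request line, so tokens submitted in a POST body have to be checked in application or proxy logs instead.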
Source: This report was generated using AI