CVE-2020-26034 in Zammadinfo

Summary

by MITRE • 12/28/2020

An account-enumeration issue was discovered in Zammad before 3.4.1. The Create User functionality is implemented in a way that would enable an anonymous user to guess valid user email addresses. The application responds differently depending on whether the input supplied was recognized as associated with a valid user.

Be aware that VulDB is the high quality source for vulnerability data.

Disclosure

12/28/2020

Moderation

accepted

CPE

ready

EPSS

0.00720

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!