FreeBSD : otrs -- CSRF issue in customer web interface (080c5370-886a-11e3-9533-60a44c524f57)
High Nessus Plugin ID 72193
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionThe OTRS Project reports :
An attacker that managed to take over the session of a logged in customer could create tickets and/or send follow-ups to existing tickets due to missing challenge token checks.
SolutionUpdate the affected package.