{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "1.0.3" }, { "introduced": "0" }, { "last_affected": "1.1.0" }, { "introduced": "0" }, { "last_affected": "1.1.1" }, { "introduced": "0" }, { "last_affected": "1.1.2" }, { "introduced": "0" }, { "last_affected": "1.2.0" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "0d82236e7bb4f7efa5ab6ae58660264862e16e84" }, { "introduced": "0" }, { "last_affected": "b13bb2fcaf6311ab0ab8470e797a101a260eaaa7" }, { "introduced": "0" }, { "last_affected": "e0c6eb0ac60ad0c47efb3ae8f2290a463fbdab00" }, { "introduced": "0" }, { "last_affected": "e9bfcac03148d5382b257ed93dc4f62cc81856c6" }, { "introduced": "0" }, { "last_affected": "a01cbd60d6f66a53307ea18ff31f743d17707d05" } ], "repo": "https://github.com/zammad/zammad", "type": "GIT" } ] } ], "details": "An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attackers can login with the hashed password itself (e.g., from the DB) instead of the valid password string.", "id": "CVE-2017-5619", "modified": "2026-03-13T21:48:11.454941229Z", "published": "2017-03-13T06:59:00.293Z", "references": [ { "type": "ADVISORY", "url": "http://www.securityfocus.com/bid/96937" }, { "type": "ADVISORY", "url": "https://zammad.com/de/news/security-advisory-zaa-2017-01" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }