{"id":"CVE-2017-5619","details":"An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attackers can login with the hashed password itself (e.g., from the DB) instead of the valid password string.","modified":"2026-04-10T04:01:42.473740Z","published":"2017-03-13T06:59:00.293Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/96937"},{"type":"ADVISORY","url":"https://zammad.com/de/news/security-advisory-zaa-2017-01"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/zammad/zammad","events":[{"introduced":"0"},{"last_affected":"0d82236e7bb4f7efa5ab6ae58660264862e16e84"},{"introduced":"0"},{"last_affected":"b13bb2fcaf6311ab0ab8470e797a101a260eaaa7"},{"introduced":"0"},{"last_affected":"e0c6eb0ac60ad0c47efb3ae8f2290a463fbdab00"},{"introduced":"0"},{"last_affected":"e9bfcac03148d5382b257ed93dc4f62cc81856c6"},{"introduced":"0"},{"last_affected":"a01cbd60d6f66a53307ea18ff31f743d17707d05"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.0.3"},{"introduced":"0"},{"last_affected":"1.1.0"},{"introduced":"0"},{"last_affected":"1.1.1"},{"introduced":"0"},{"last_affected":"1.1.2"},{"introduced":"0"},{"last_affected":"1.2.0"}]}}],"versions":["1.0.0","1.0.1","1.0.2","1.0.3","1.1.0","1.1.1","1.1.2","1.2.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-5619.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}