CVE-2022-32741 Information

Description

Attacker is able to determine if the provided username exists (and it’s valid) using Request New Password feature based on the response time.

Reference

https://otrs.com/release-notes/otrs-security-advisory-2022-09/