scream wrote:

Reported upstream to the OTRS security contact. I'll post here the result. Also, I've informed TStarling of the upstream report, just in case this *is* a local configuration issue.

core wrote:

Upstream per TStarling.

gnu1742 wrote:

Could any information about the progress of this bug be posted on the otrs-wiki? This is a security-issue concerning the privacy of all OTRS-Agents, so a mere 'Resolved, Resolution Later' is a bit poor as the only progress within 2 weeks.

What's the status on this?

I'd like to assume whatever it was got fixed, but... asking is better.

I would file a followup in the internal RT tracker, but my password appears to have been lost and there's no reset system so I can't get in.

Maybe it would help to update OTRS to the latest version *hides* It's on the xmas wishlist of the OTRS team.

Bumping up priority, though I'm not sure what the issue is since I don't currently have access to OTRS wiki.

...and after further investigation, it appears this one was fixed shortly after it was reported.