An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attackers can login with the hashed password itself (e.g., from the DB) instead of the valid password string.
The forums are now OPEN AGAIN!
We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.
Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.