Any known common security vulnerabilities?

SVik

I am trying to set up osTicket v1.18.2 for a client. I am personally inexperienced with web security. I have disabled the client panel (via redirect), since in our use case, tickets are only going to be submitted directly by agents based on phone calls from customers. However, my client is concerned that the login form for the agent panel may be vulnerable to security flaws ( they probably just asked ChatGPT if there were any security flaws). Is there any chance that the login form page is vulnerable to attacks like SQL injection, or any other common type of security vulnerability? Thanks.

KevinTheJedi

SVik

If there were we’d have a patch for it. Any time we get a report we work on addressing it as soon as possible. So nothing to worry about. Plus there are many things they can do to further protect like enable 2FA, setting up Password Policies, and even setting up external auth via SSO (OAuth2 or LDAP).

Cheers.

Daedalus01

If the site is available externally, you can use a couple websites to scan your site for free to tell you how it stands too. Quallys SSL Labs and Securityheaders.com. They will give you a score back and also tell you what areas you are lacking in to improve your site security.