Default credentials
An issue was discovered in Deskpro before 2019.8.0. The /api/emailaccounts endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve cleartext credentials of all helpdesk email accounts, including incoming and outgoing email credentials. This enables an attacker to...