Session ID, password and password reset token security issue
A logged in user can guess session IDs, password reset tokens and generated passwords of other users/sessions.
Upgrade to the latest available OTRS patch level (https://ftp.otrs.org/pub/otrs/).
The official fix for this issue changes 60 files in OTRS. Therefore, there is no workaround. Your OTRS installation must be updated to version 6.0.27 or 5.0.42.
ATTENTION: Please check if you have any files in your OTRS installation that have been changed by additional add-ons. In that case you MUST NOT update your OTRS. Please contact us instead.