Improper Authentication in TYPO3 - CVE-2014-3944
Published: June 3, 2014 / Updated: August 10, 2020
Vulnerability identifier: #VU41579
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2014-3944
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: TYPO3
Affected software:
TYPO3
TYPO3
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.
How to mitigate CVE-2014-3944
Install update from vendor's website.