Main Vulnerability Database Vulnerabilities #VU5903

Authentication bypass in TYPO3 - #VU5903

Published: March 1, 2017 / Updated: March 1, 2017

Vulnerability identifier: #VU5903

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: N/A

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: TYPO3

Affected software:
TYPO3

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists in TYPO3 CMS due to late TCA initialization when authenticating users. A remote attacker with disabled account can bypass authentication process and successfully login to the web application.

Successful exploitation of the vulnerability may allow an attacker with deactivated / disabled accounts to bypass authentication process and login to the website.

Remediation

Update to TYPO3 version 8.6.1

Sources

https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-002/

Authentication bypass in TYPO3 - #VU5903

Detailed vulnerability description

Remediation

Sources

Please verify you're human