[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249982

 
 

909

 
 

195748

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-2047Date: (C)2015-02-25   (M)2023-12-22


The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 2.6
Exploit Score: 4.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1031824
BID-72763
DSA-3164
http://www.openwall.com/lists/oss-security/2015/02/22/4
http://www.openwall.com/lists/oss-security/2015/02/22/8
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-001/
https://review.typo3.org/#/c/37013/
openSUSE-SU-2016:2169

CPE    92
cpe:/a:typo3:typo3:4.6.9
cpe:/a:typo3:typo3:4.6.8
cpe:/a:typo3:typo3:4.4.9
cpe:/a:typo3:typo3:4.6.7
...
CWE    1
CWE-287

© SecPod Technologies