TYPO3 Remote Users Bypass Authentication Vulnerability
Last Update Date:
3 Mar 2015 09:45
Release Date:
3 Mar 2015
4046
Views
RISK: Medium Risk
TYPE: Servers - Web Servers
A vulnerability was identified in TYPO3. A remote user can bypass authentication on the target system.
A remote user can exploit a flaw in the rsaauth system extension to bypass authentication.
Impact
- Security Restriction Bypass
System / Technologies affected
- 4.3.0 to 4.3.14
- 4.4.0 to 4.4.15
- 4.5.0 to 4.5.39
- 4.6.0 to 4.6.18
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- The vendor has issued a fix (4.5.40) [in Feburary 2015]
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-001/
Vulnerability Identifier
Source
Related Link
Share with