icon

We found results for “

WS-2018-0055

Good to know:

icon

Date: April 12, 2016

Authentication Bypass vulnerability in TYPO3 6.2.x before 6.2.20, 7.6.x before 7.6.5 and 8.0.0. The default authentication service misses to invalidate empty strings as password. Therefore it is possible to authenticate backend and frontend users without password set in the database.

Language: PHP

Severity Score

Severity Score

Weakness Type (CWE)

Authentication Bypass Using an Alternate Path or Channel

CWE-288

Top Fix

icon

Upgrade Version

Upgrade to version TYPO3_6-2-20,TYPO3_7-6-5,TYPO3_8-0-1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): NONE

Do you need more information?

Contact Us