We found results for “”
WS-2018-0055
Good to know:
Date: April 12, 2016
Authentication Bypass vulnerability in TYPO3 6.2.x before 6.2.20, 7.6.x before 7.6.5 and 8.0.0. The default authentication service misses to invalidate empty strings as password. Therefore it is possible to authenticate backend and frontend users without password set in the database.
Language: PHP
Severity Score
Severity Score
Weakness Type (CWE)
Authentication Bypass Using an Alternate Path or Channel
CWE-288Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | NONE |