Summary
This host is installed with TYPO3 and is prone to an authentication bypass vulnerability.
Impact
Successful exploitation will allow remote attackers to directly authenticate to a backend user's account without needing any knowledge of the password.
Impact Level: Application
Solution
Upgrade to TYPO3 6.2 or later.
For updates, refer to http://typo3.org
Insight
The flaw exists because the program stores passwords for backend access as MD5 hashes in the database.
Affected
TYPO3 versions prior to 6.2
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
References
Severity
Classification
- CVE: CVE-2014-3945
- CVSS Base Score: 4.0
- CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N