TYPO3 Backend Username Disclosure Vulnerability Network Vulnerability

Summary

This host is installed with TYPO3 and is prone to username disclosure vulnerability.

Impact

Successful exploitation will allow remote attackers to obtain valid usernames. Impact Level: Application

Solution

Upgrade to TYPO3 version 4.3.12, 4.4.9 or 4.5.4 or later, For updates refer to http://typo3.org

Insight

An error exists in application, which returns a different response for incorrect authentication attempts depending on whether or not the username is incorrect

Affected

TYPO3 version before 4.3.11 and below, 4.4.8 and below, 4.5.3 and below

Detection

Send a Crafted HTTP POST request and check whether it is able to get sensitive information.

References

http://osvdb.org/74358
http://secunia.com/advisories/45557/
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-CORE-sa-2011-001

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability
Arkeia Appliance Path Traversal Vulnerability
ATutor password reminder SQL injection
Atutor AContent Multiple SQL Injection and XSS Vulnerabilities
Adobe ColdFusion Multiple Vulnerabilities-01 May-2014

Take action and discover your vulnerabilities