Description

The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.

Remediation

References

CVE-2014-3944

Related Vulnerabilities

MyBB Other Vulnerability (CVE-2007-1964)

MySQL Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2016-6664)

Zenphoto Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-5591)

MySQL CVE-2022-21249 Vulnerability (CVE-2022-21249)

WordPress Plugin Database Backup for WordPress 'edit.php' Directory Traversal (1.7)

Severity

Medium

Classification

CVE-2014-3944 CWE-287

Tags

Missing Update Known Vulnerabilities