WEB APPLICATION VULNERABILITIES Standard & Premium

TYPO3 Improper Authentication Vulnerability (CVE-2015-2047)

Description

The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value.

Remediation

References

Related Vulnerabilities

WordPress Plugin Duplicate Page Unspecified Vulnerability (3.5)

OpenSSL Cryptographic Issues Vulnerability (CVE-2013-0166)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-0324)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-20416)

WordPress Plugin Simple Admin Language Change Security Bypass (2.0.1)

Severity

Low

Classification

CVE-2015-2047 CWE-287

Tags

Missing Update Known Vulnerabilities