Description

The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value.

Remediation

References

CVE-2015-2047

Related Vulnerabilities

Magento Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2020-9664)

WordPress Plugin WP-Lister Lite for Amazon Directory Traversal (0.9.6.35)

Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2016-7137)

MediaWiki Improper Input Validation Vulnerability (CVE-2021-31555)

WebLogic CVE-2021-2204 Vulnerability (CVE-2021-2204)

Severity

Low

Classification

CVE-2015-2047 CWE-287

Tags

Missing Update Known Vulnerabilities