CVE-2014-3944
EPSS 0.19%TYPO3 Improper Session Invalidation
Published: 5/17/2022Modified: 12/8/2024
Also known as:GHSA-9j8h-xrgj-7gw2
Description
The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.
Affected packages (1)
- Packagist/typo3/cms>= 6.2.0, < 6.2.3
References (7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2014-3944
- PATCHhttps://github.com/TYPO3/typo3
- WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2014-3944.yaml
- WEBhttps://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001
- WEBhttp://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001
- WEBhttp://www.debian.org/security/2014/dsa-2942
- WEBhttp://www.openwall.com/lists/oss-security/2014/06/03/2