CVE-2014-3945

EPSS 0.20%

TYPO3 vulnerable to authentication bypass via leveraging knowledge of password hash

發布日:2022/5/17修改日:2025/4/14

描述

The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a password hash.

受影響套件(1)

Packagist/typo3/cmsfrom 0, < 6.2.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2014-3945
PATCHhttps://github.com/TYPO3/typo3
WEBhttps://typo3.org/security/advisory/typo3-core-sa-2014-001
WEBhttp://www.debian.org/security/2014/dsa-2942
WEBhttp://www.openwall.com/lists/oss-security/2014/06/03/2