Home > Vulnerability Database > WS-2018-0064

Mend.io Vulnerability Database

WS-2018-0064

Good to know:

Date: February 23, 2010

Authentication Bypass vulnerability in TYPO3 4.3.x before 4.3.2. When using system extension "saltedpasswords" under certain circumstances, an attacker doesn't need to know the original clear text password to successfully log in as a frontend user.

Language: PHP

Severity Score

6.5

Related Resources (3)

Url: https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-004/

Url: https://github.com/TYPO3/TYPO3.CMS/commit/1e2686f5f9f00d7c72d36c487760e10f46a3e2f3

Url: https://www.mend.io/vulnerability-database/WS-2018-0064

Severity Score

6.5

Weakness Type (CWE)

Authentication Bypass Using an Alternate Path or Channel

CWE-288

Top Fix

Upgrade Version

Upgrade to version TYPO3_4-3-2

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2018-0064

Good to know:

Date: February 23, 2010

Language: PHP

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?