Security
Headlines

Headlines Latest CVEs

Headline

GHSA-6f9m-v7mp-7jjq: Authentication Bypass in TYPO3 CMS

It has been discovered that TYPO3’s Salted Password system extension (which is a mandatory system component) is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords using the blowfish hashing algorithm can be overridden when using MD5 as the default hashing algorithm by just knowing a valid username. Per default the Portable PHP hashing algorithm (PHPass) is used which is not vulnerable.

5 months ago

#git #php #auth

GitHub Advisory Database
GitHub Reviewed
GHSA-6f9m-v7mp-7jjq

Authentication Bypass in TYPO3 CMS

Moderate severity GitHub Reviewed Published Jun 5, 2024 to the GitHub Advisory Database • Updated Jun 5, 2024

Package

Affected versions

>= 7.0.0, < 7.6.30

>= 8.0.0, < 8.7.17

>= 9.0.0, < 9.3.2

Patched versions

7.6.30

8.7.17

9.3.2

Published to the GitHub Advisory Database

Jun 5, 2024

ghsa: Latest News

GHSA-6jrf-rcjf-245r: changedetection.io path traversal using file URI scheme without supplying hostname

12 hours ago

GHSA-7mr7-4f54-vcx5: HTTP Client uses incorrect token after refresh

12 hours ago

GHSA-hfq9-hggm-c56q: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream

12 hours ago

GHSA-2w5v-x29g-jw7j: Hashicorp Nomad Incorrect Authorization vulnerability

13 hours ago

GHSA-3m9x-2qfj-xvq4: PHPExcel XXE Vulnerability

17 hours ago