
OpenID Connect Authentication (oidc) Typo3 extension Authentication Bypass

Moderate severity • GitHub Reviewed • Published Apr 2, 2024 to the GitHub Advisory Database • Updated Apr 2, 2024

Package: causal/oidc (Composer)

Affected versions: < 2.1.0

Patched versions: 2.1.0

Description

The authentication service of the extension does not verify the OpenID Connect authentication state from the user lookup chain. Instead, the authentication service authenticates every valid frontend user from the user lookup chain whose frontend user field "tx_oidc" is not empty.

In scenarios where either ext:felogin is active or where $GLOBALS['TYPO3_CONF_VARS']['FE']['checkFeUserPid'] is disabled, an attacker can log in to OpenID Connect frontend user accounts by providing a valid username and any password.
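To make the flaw concrete, here is an added, simplified model of a TYPO3 frontend authentication service (illustration only, not the causal/oidc extension's code): the getUser/authUser names and the 200/100 return codes follow TYPO3's authentication service convention, while the claims array, the in-memory marker and the sample user table are assumptions.

```php
<?php
// Simplified model of a TYPO3 frontend authentication service, added to
// illustrate the advisory. Not the extension's code. Return codes follow the
// TYPO3 convention: 200 = authenticated, stop; 100 = not responsible, continue.

// Vulnerable shape: any record with a non-empty tx_oidc is accepted, no matter
// which lookup produced it. When ext:felogin's username lookup finds an OIDC
// account, this service vouches for it although no OIDC flow took place and
// no password was ever checked.
function authUserVulnerable(array $user): int
{
    return !empty($user['tx_oidc']) ? 200 : 100;
}

// Hardened shape: only vouch for a record that this service's own OIDC lookup
// produced for the current request. The marker lives in the in-memory record
// only, so a plain username lookup (felogin) can never carry it.
final class OidcAuthService
{
    private const LOOKUP_MARK = '__oidc_lookup'; // assumed, in-memory only

    // $claims: claims of an ID token already validated by the provider
    // callback, or null when this request is a normal form login.
    public function getUser(?array $claims, array $users): ?array
    {
        if ($claims === null || empty($claims['sub'])) {
            return null; // no OIDC flow in this request: nothing to look up
        }
        foreach ($users as $user) {
            if (($user['tx_oidc'] ?? '') === $claims['sub']) {
                $user[self::LOOKUP_MARK] = true;
                return $user;
            }
        }
        return null;
    }

    public function authUser(array $user): int
    {
        // Authenticate only what we looked up ourselves via a verified
        // OIDC response; otherwise leave the decision to the password-based
        // service, which will reject an arbitrary password.
        return !empty($user[self::LOOKUP_MARK]) ? 200 : 100;
    }
}

// Constructed sample: one OIDC-linked frontend user.
$users = [['uid' => 1, 'username' => 'alice', 'tx_oidc' => 'sub-123']];
$fromFelogin = $users[0]; // record as found by a username lookup (any password)
$svc = new OidcAuthService();
printf("vulnerable: %d, hardened: %d, real OIDC login: %d\n",
    authUserVulnerable($fromFelogin),                         // 200: bypass
    $svc->authUser($fromFelogin),                             // 100: not vouched
    $svc->authUser($svc->getUser(['sub' => 'sub-123'], $users))); // 200
```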

References

  • https://github.com/FriendsOfPHP/security-advisories/blob/master/causal/oidc/CVE-2024-30173.yaml
  • https://typo3.org/security/advisory/typo3-ext-sa-2024-002

Published to the GitHub Advisory Database: Apr 2, 2024

Reviewed: Apr 2, 2024

Last updated: Apr 2, 2024

Severity: Moderate (6.0 / 10)

CVSS base metrics

  • Attack vector: Network
  • Attack complexity: High
  • Privileges required: None
  • User interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: Low
  • Availability: None

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:F/RL:O/RC:C

Weaknesses: CWE-284

CVE ID: CVE-2024-30173

GHSA ID: GHSA-hhf8-f5w9-g6vh

Source code: xperseguers/t3ext-oidc
