CVE-2010-1022

2022-10-0316:20:59

CWE-287

[email protected]

web.nvd.nist.gov

cve-2010-1022

typo3

security

salted user password hashes

t3sec_saltedpw

authentication bypass

remote attack

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.8%

JSON

The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors.

Affected configurations

NVD

Node

marcus_krauset3sec_saltedpwRange≤0.2.12

marcus_krauset3sec_saltedpwMatch0.2.8

marcus_krauset3sec_saltedpwMatch0.2.9

marcus_krauset3sec_saltedpwMatch0.2.10

marcus_krauset3sec_saltedpwMatch0.2.11

AND

typo3typo3

CPENameOperatorVersion
marcus_krause:t3sec_saltedpwmarcus krause t3sec saltedpwle0.2.12
marcus_krause:t3sec_saltedpwmarcus krause t3sec saltedpweq0.2.8
marcus_krause:t3sec_saltedpwmarcus krause t3sec saltedpweq0.2.9
marcus_krause:t3sec_saltedpwmarcus krause t3sec saltedpweq0.2.10
marcus_krause:t3sec_saltedpwmarcus krause t3sec saltedpweq0.2.11

CPE	Name	Operator	Version
marcus_krause:t3sec_saltedpw	marcus krause t3sec saltedpw	le	0.2.12
marcus_krause:t3sec_saltedpw	marcus krause t3sec saltedpw	eq	0.2.8
marcus_krause:t3sec_saltedpw	marcus krause t3sec saltedpw	eq	0.2.9
marcus_krause:t3sec_saltedpw	marcus krause t3sec saltedpw	eq	0.2.10
marcus_krause:t3sec_saltedpw	marcus krause t3sec saltedpw	eq	0.2.11