Lucene search

[email protected]CVE-2015-2047

HistoryFeb 23, 2015 - 5:59 p.m.

CVE-2015-2047

2015-02-2317:59:03

CWE-287

[email protected]

web.nvd.nist.gov

typo3

rsaauth

extension

authentication bypass

cve-2015-2047

nvd

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

7 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

79.7%

JSON

The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value.

Affected configurations

NVD

Node

typo3typo3Match4.3.0

typo3typo3Match4.3.1

typo3typo3Match4.3.2

typo3typo3Match4.3.3

typo3typo3Match4.3.4

typo3typo3Match4.3.5

typo3typo3Match4.3.6

typo3typo3Match4.3.7

typo3typo3Match4.3.8

typo3typo3Match4.3.9

typo3typo3Match4.3.10

typo3typo3Match4.3.11

typo3typo3Match4.3.12

typo3typo3Match4.3.13

typo3typo3Match4.3.14

typo3typo3Match4.4.0

typo3typo3Match4.4.1

typo3typo3Match4.4.2

typo3typo3Match4.4.3

typo3typo3Match4.4.4

typo3typo3Match4.4.5

typo3typo3Match4.4.6

typo3typo3Match4.4.7

typo3typo3Match4.4.8

typo3typo3Match4.4.9

typo3typo3Match4.4.10

typo3typo3Match4.4.11

typo3typo3Match4.4.12

typo3typo3Match4.4.13

typo3typo3Match4.4.14

typo3typo3Match4.4.15

typo3typo3Match4.5.0

typo3typo3Match4.5.1

typo3typo3Match4.5.2

typo3typo3Match4.5.3

typo3typo3Match4.5.4

typo3typo3Match4.5.5

typo3typo3Match4.5.6

typo3typo3Match4.5.7

typo3typo3Match4.5.8

typo3typo3Match4.5.9

typo3typo3Match4.5.10

typo3typo3Match4.5.11

typo3typo3Match4.5.12

typo3typo3Match4.5.13

typo3typo3Match4.5.14

typo3typo3Match4.5.15

typo3typo3Match4.5.16

typo3typo3Match4.5.17

typo3typo3Match4.5.18

typo3typo3Match4.5.19

typo3typo3Match4.5.20

typo3typo3Match4.5.21

typo3typo3Match4.5.22

typo3typo3Match4.5.23

typo3typo3Match4.5.24

typo3typo3Match4.5.25

typo3typo3Match4.5.26

typo3typo3Match4.5.27

typo3typo3Match4.5.28

typo3typo3Match4.5.29

typo3typo3Match4.5.30

typo3typo3Match4.5.31

typo3typo3Match4.5.32

typo3typo3Match4.5.33

typo3typo3Match4.5.34

typo3typo3Match4.5.35

typo3typo3Match4.5.36

typo3typo3Match4.5.37

typo3typo3Match4.5.38

typo3typo3Match4.5.39

typo3typo3Match4.6

typo3typo3Match4.6.0

typo3typo3Match4.6.1

typo3typo3Match4.6.2

typo3typo3Match4.6.3

typo3typo3Match4.6.4

typo3typo3Match4.6.5

typo3typo3Match4.6.6

typo3typo3Match4.6.7

typo3typo3Match4.6.8

typo3typo3Match4.6.9

typo3typo3Match4.6.10

typo3typo3Match4.6.11

typo3typo3Match4.6.12

typo3typo3Match4.6.13

typo3typo3Match4.6.14

typo3typo3Match4.6.15

typo3typo3Match4.6.16

typo3typo3Match4.6.17

typo3typo3Match4.6.18

Node

debiandebian_linuxMatch7.0

CPENameOperatorVersion
typo3:typo3typo3eq4.3.0
typo3:typo3typo3eq4.3.1
typo3:typo3typo3eq4.3.2
typo3:typo3typo3eq4.3.3
typo3:typo3typo3eq4.3.4
typo3:typo3typo3eq4.3.5
typo3:typo3typo3eq4.3.6
typo3:typo3typo3eq4.3.7
typo3:typo3typo3eq4.3.8
typo3:typo3typo3eq4.3.9

CPE	Name	Operator	Version
typo3:typo3	typo3	eq	4.3.0
typo3:typo3	typo3	eq	4.3.1
typo3:typo3	typo3	eq	4.3.2
typo3:typo3	typo3	eq	4.3.3
typo3:typo3	typo3	eq	4.3.4
typo3:typo3	typo3	eq	4.3.5
typo3:typo3	typo3	eq	4.3.6
typo3:typo3	typo3	eq	4.3.7
typo3:typo3	typo3	eq	4.3.8
typo3:typo3	typo3	eq	4.3.9