GitHub Advisory DatabaseGHSA-CGR9-H9QQ-X9FXTYPO3 Authentication Bypass via Salted user password hashes extension
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7 High
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
74.8%
Withdrawn: typo3/cms-saltedpasswords is not the correct package.
See: https://github.com/github/advisory-database/pull/3488
The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| typo3/cms-saltedpasswords | lt | 0.2.13 |
References
typo3.org/extensions/repository/view/t3sec_saltedpw/0.2.13
typo3.org/teams/security/security-bulletins/typo3-sa-2010-006
github.com/advisories/GHSA-cgr9-h9qq-x9fx
nvd.nist.gov/vuln/detail/CVE-2010-1022
web.archive.org/web/20101125125343/secunia.com/advisories/38992
web.archive.org/web/20200228221050/www.securityfocus.com/bid/38799
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7 High
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
74.8%