TYPO3 Information Disclosure in User Authentication

2024-05-3018:15:08

CWE-256

GitHub Advisory Database

github.com

typo3

information disclosure

user authentication

plain-text credentials

security

7.3 High

AI Score

Confidence

Low

It has been discovered that login failures have been logged on the default stream with log level “warning” including plain-text user credentials.

Affected configurations

Vulners

Node

typo3cms_poll_system_extensionRange<9.5.6

CPENameOperatorVersion
typo3/cms-corelt9.5.6

CPE	Name	Operator	Version
	typo3/cms-core	lt	9.5.6

github.com/advisories/GHSA-wj85-rg5g-v8jm

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2019-05-07-5.yaml

github.com/TYPO3-CMS/core/commit/ac0565b7a539398a07adf21f04f85cd2574817d2

typo3.org/security/advisory/typo3-core-sa-2019-010

7.3 High

AI Score

Confidence

Low