TYPO3 CMS Authentication Bypass vulnerability

2024-05-3013:49:16

CWE-287

GitHub Advisory Database

github.com

typo3

authentication bypass

salted password

php class inheritance

blowfish hashing algorithm

md5

portable php hashing algorithm

6.9 Medium

AI Score

Confidence

Low

JSON

It has been discovered that TYPO3’s Salted Password system extension (which is a mandatory system component) is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords using the blowfish hashing algorithm can be overridden when using MD5 as the default hashing algorithm by just knowing a valid username. Per default the Portable PHP hashing algorithm (PHPass) is used which is not vulnerable.

Affected configurations

Vulners

Node

typo3cms_poll_system_extensionRange<7.6.30

typo3cms_poll_system_extensionRange<9.3.2

typo3cms_poll_system_extensionRange<8.7.17

CPENameOperatorVersion
typo3/cms-corelt7.6.30
typo3/cms-corelt9.3.2
typo3/cms-corelt8.7.17

Name	Operator	Version
typo3/cms-core	lt	7.6.30
typo3/cms-core	lt	9.3.2
typo3/cms-core	lt	8.7.17

References

github.com/advisories/GHSA-x4rj-f7m6-42c3

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2018-07-12-1.yaml

typo3.org/security/advisory/typo3-core-sa-2018-001

6.9 Medium

AI Score

Confidence

Low

JSON