2 matches found
TYPO3 CMS Stores Cleartext Password in User Settings Module
Problem The backend user settings module SetupModuleController incorrectly conflates entity data like passwords or email address with user-interface settings like theme, display options when persisting changes. As a result, passwords were stored in cleartext in the uc and usersettings fields of t...
Cleartext Storage of Sensitive Information
Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information due to the SetupModuleController module merging entity data with user-interface settings before storing them in DB. An attacker can obtain sensitive user credentials by accessing the uc and...