GHSA-53MM-HX32-6475 TYPO3 vulnerable to Insufficient Session Expiration

An issue was discovered in the fechangepwd aka Change password for frontend users extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed...

TYPO3 vulnerable to Insufficient Session Expiration

An issue was discovered in the fechangepwd aka Change password for frontend users extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed...

CVE-2022-47406

An issue was discovered in the fechangepwd aka Change password for frontend users extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed...

CVE-2022-47406

The TYPO3 fe_change_pwd extension (versions ≤ 2.0.5 and 3.x ≤ 3.0.3) is affected: when a user changes their password, existing sessions are not revoked. Root cause: the extension fails to revoke current user sessions after password change. Impact as described in sources is user sessions remaining...