PT-2024-40518 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 affected versions not specified Description: The issue concerns an Authentication Bypass in the Salted Password system extension of TYPO3. This occurs when using hashing methods related by PHP class inheritance. Specifically, stored...

SA-CONTRIB-2011-026 - Secure Password Hashes (phpass) - Multiple Vulnerabilities

This module uses the PHPass hashing library to try to store users hashed passwords securely. The module sets a fixed string for the 'pass' column in the users database column but does not replace the pass attribute of the account object used for password reset links. This leads to a vulnerability...