30 matches found
CVE-2022-2891
The CVE-2022-2891 entry documents a time-based side-channel attack in the WP 2FA WordPress plugin prior to version 2.3.0. The vulnerability arises from comparison operators that do not mitigate timing differences, potentially leaking information about authentication codes during comparison. Affec...
TYPO3 10.4.x < 10.4.2 Information Disclosure (TYPO3-CORE-SA-2020-001)
The version of TYPO3 installed on the remote host is 10.4.x prior to 10.4.2. It is, therefore, affected by an information disclosure vulnerability in its password reset component due to a failure to defend against time-based attacks. An unauthenticated, remote attacker can exploit this, to...
TYPO3 10.4.x < 10.4.2 Information Disclosure Vulnerability (TYPO3-CORE-SA-2020-001)
TYPO3 is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; if...
CVE-2020-11063
In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2...
CVE-2020-11063
In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2...
Default credentials
In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2...
Information Disclosure in Password Reset
In TYPO3 CMS 10.4.0 through 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2...
GHSA-347X-877P-HCWX Information Disclosure in Password Reset
In TYPO3 CMS 10.4.0 through 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2...
Information Disclosure in Password Reset
It has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to verify whether a backend user account with a given email address exists or not...
typo3 -- multiple vulnerabilities
Typo3 News: CVE-2020-11063: TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset It has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to verify whether a backend user account with a given email...