Lucene search

30 matches found

CVE
added 2022/10/10 12:0 a.m., 54 views

CVE-2022-2891

The CVE-2022-2891 entry documents a time-based side-channel attack in the WP 2FA WordPress plugin prior to version 2.3.0. The vulnerability arises from comparison operators that do not mitigate timing differences, potentially leaking information about authentication codes during comparison. Affec...

CVSS 5.9, AI score 5.6, EPSS 0.00747
Exploits: 1, References: 1, Affected Software: 1
Tenable Nessus
added 2020/07/13 12:0 a.m., 28 views

TYPO3 10.4.x < 10.4.2 Information Disclosure (TYPO3-CORE-SA-2020-001)

The version of TYPO3 installed on the remote host is 10.4.x prior to 10.4.2. It is, therefore, affected by an information disclosure vulnerability in its password reset component due to a failure to defend against time-based attacks. An unauthenticated, remote attacker can exploit this, to...

CVSS 4.3, AI score 5.2, EPSS 0.01188
Exploits: 0, References: 2
OpenVAS
added 2020/05/15 12:0 a.m., 21 views

TYPO3 10.4.x < 10.4.2 Information Disclosure Vulnerability (TYPO3-CORE-SA-2020-001)

TYPO3 is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; if...

CVSS 4.3, AI score 4.2, EPSS 0.01188
Exploits: 0, References: 2
NVD
added 2020/05/13 11:15 p.m., 25 views

CVE-2020-11063

In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2...

CVSS 4.3, AI score 4.5, EPSS 0.01188
Exploits: 0, References: 3
OSV
added 2020/05/13 11:15 p.m., 13 views

CVE-2020-11063

In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2...

CVSS 3.7, AI score 4.2, EPSS 0.01188
Exploits: 0, References: 3
Prion
added 2020/05/13 11:15 p.m., 17 views

Default credentials

In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2...

CVSS 4.3, AI score 4.5, EPSS 0.01188
Exploits: 0, References: 1, Affected Software: 1
Github Security Blog
added 2020/05/13 10:19 p.m., 70 views

Information Disclosure in Password Reset

In TYPO3 CMS 10.4.0 through 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2...

CVSS 4.3, AI score 3.2, EPSS 0.01188
Exploits: 0, References: 8, Affected Software: 2
OSV
added 2020/05/13 10:19 p.m., 14 views

GHSA-347X-877P-HCWX Information Disclosure in Password Reset

In TYPO3 CMS 10.4.0 through 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2...

CVSS 3.7, AI score 4.2, EPSS 0.01188
Exploits: 0, References: 8
Typo3
added 2020/05/12 12:0 a.m., 24 views

Information Disclosure in Password Reset

It has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to verify whether a backend user account with a given email address exists or not...

CVSS 4.3, AI score 4, EPSS 0.01188
Exploits: 0, Affected Software: 1
FreeBSD
added 2020/05/12 12:0 a.m., 62 views

typo3 -- multiple vulnerabilities

Typo3 News: CVE-2020-11063: TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset It has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to verify whether a backend user account with a given email...

CVSS 10, AI score 6.5, EPSS 0.0199
Exploits: 0, References: 9