TYPO3 Association: TYPO3-CORE-SA-2015-001 (Feb 19, 2015, 12:00 a.m.)

Authentication Bypass in TYPO3 CMS 4.5

Published 2015-02-19 00:00:00 by TYPO3 Association (source: typo3.org)

EPSS: 0.007 (Low), percentile 77.2%

It has been discovered that TYPO3 CMS 4.5.x is vulnerable to Authentication Bypass.

Component Type: TYPO3 CMS

Vulnerability Types: Authentication Bypass

Overall Severity: Critical

Release Date: February 19, 2015

Bulletin Update: February 23, 2015 (added CVE)

Vulnerable subcomponent: rsaauth system extension

Vulnerability Type: Authentication Bypass

Affected Versions: Versions 4.3.0 to 4.3.14, 4.4.0 to 4.4.15, 4.5.0 to 4.5.39 and 4.6.0 to 4.6.18

Severity: Critical

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:F/RL:O/RC:C

CVE: CVE-2015-2047

Problem Description: It has been discovered that TYPO3 CMS is vulnerable to Authentication Bypass. Frontend users can be authenticated by only knowing their username.

TYPO3 installations are affected if all of the following apply:

  • TYPO3 Version 4.3.0 to 4.3.14, 4.4.0 to 4.4.15, 4.5.0 to 4.5.39 or 4.6.0 to 4.6.18

  • users/access restricted frontend area (frontend login)

  • system extension rsaauth is loaded

  • system extension rsaauth is configured for frontend usage like this:

    $GLOBALS['TYPO3_CONF_VARS']['FE']['loginSecurityLevel'] = 'rsa'
    

TYPO3 installations are not affected if **at least one** of the following applies:

  • TYPO3 Version 4.7.0 or higher

  • no users/access restricted frontend area (TYPO3 Backend authentication is not affected)

  • system extension rsaauth is not loaded (default)

  • system extension rsaauth is **not configured** for frontend usage like this (default):

    $GLOBALS['TYPO3_CONF_VARS']['FE']['loginSecurityLevel'] = 'rsa'
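The two condition lists above can be turned into a mechanical check. The following is an added example, not part of the advisory or of the TYPO3 project's patch script: it encodes the affected version ranges from the advisory and reads the two relevant settings from a constructed `localconf.php` fragment (the `['EXT']['extList']` key and the 4.x `typo3conf/localconf.php` layout are assumptions about the TYPO3 4.x configuration format).

```python
import re

# Affected version ranges as stated in the advisory (inclusive bounds).
AFFECTED_RANGES = [
    ((4, 3, 0), (4, 3, 14)),
    ((4, 4, 0), (4, 4, 15)),
    ((4, 5, 0), (4, 5, 39)),
    ((4, 6, 0), (4, 6, 18)),
]

def parse_version(v):
    """'4.5.39' -> (4, 5, 39); tolerates a suffix such as '4.5.40-dev'."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", v.strip())
    if not m:
        raise ValueError("unrecognised TYPO3 version string: %r" % v)
    return tuple(int(x) for x in m.groups())

def version_in_affected_range(version):
    """True if the version falls inside one of the advisory's ranges."""
    t = parse_version(version)
    return any(lo <= t <= hi for lo, hi in AFFECTED_RANGES)

def parse_localconf(text):
    """Extract the two settings that matter from a localconf.php fragment.
    Assumption: rsaauth is loaded when it appears in ['EXT']['extList']."""
    ext_list = re.search(r"\['EXT'\]\['extList'\]\s*=\s*'([^']*)'", text)
    level = re.search(r"\['FE'\]\['loginSecurityLevel'\]\s*=\s*'([^']*)'", text)
    loaded = [e.strip() for e in ext_list.group(1).split(",")] if ext_list else []
    return {"rsaauth_loaded": "rsaauth" in loaded,
            "fe_login_security_level": level.group(1) if level else None}

def is_affected(version, rsaauth_loaded, fe_login_security_level, has_fe_login=True):
    """All four advisory conditions must hold for an installation to be affected."""
    return (version_in_affected_range(version)
            and has_fe_login
            and rsaauth_loaded
            and fe_login_security_level == "rsa")

# Constructed sample localconf.php fragment (not taken from a real installation).
SAMPLE_LOCALCONF = """<?php
$TYPO3_CONF_VARS['EXT']['extList'] = 'cms,lang,rsaauth,felogin';
$TYPO3_CONF_VARS['FE']['loginSecurityLevel'] = 'rsa';
?>"""

if __name__ == "__main__":
    cfg = parse_localconf(SAMPLE_LOCALCONF)
    print("4.5.39 affected:", is_affected("4.5.39", **cfg))  # True
    print("4.5.40 affected:", is_affected("4.5.40", **cfg))  # False
```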
    

Solution: Update to TYPO3 version 4.5.40 that fixes the problem described. Alternatively use the provided shell script to patch all affected TYPO3 versions (all between 4.3 and 4.6) that are found in a specified directory or use the diff file to patch the installations manually.

Important Note: Updating or patching your installations to fix this CRITICAL vulnerability is STRONGLY ADVISED!

Credits: Thanks to Pierrick Caillon who discovered and reported the vulnerability and to Security Team Member Nicole Cordes for developing a fix and providing the shell script.

General Advice: Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list.

General Note: All security related code changes are tagged so that you can easily look them up on our review system.

| CPE Name | Operator | Version |
|----------|----------|---------|
| typo3    | le       | 4.3.14  |
| typo3    | le       | 4.4.15  |
| typo3    | le       | 4.6.18  |
| typo3    | le       | 4.5.39  |
