Lucene search

K
typo3TYPO3 AssociationTYPO3-CORE-SA-2020-001
HistoryMay 12, 2020 - 12:00 a.m.

Information Disclosure in Password Reset

2020-05-1200:00:00
TYPO3 Association
typo3.org
10

0.001 Low

EPSS

Percentile

36.0%

It has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to verify whether a backend user account with a given email address exists or not.

CPENameOperatorVersion
typo3 cmsge10.4.0
typo3 cmsle10.4.1

0.001 Low

EPSS

Percentile

36.0%