Cleartext storage of session identifier

2020-11-17T00:00:00
ID TYPO3-CORE-SA-2020-011
Type typo3
Reporter TYPO3 Association
Modified 2020-11-17T00:00:00

Description

User session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system.