4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
0.003 Low
EPSS
Percentile
66.4%
The Authentication component in TYPO3 before 6.2, when salting for password
hashing is disabled, does not require knowledge of the cleartext password
if the password hash is known, which allows remote attackers to bypass
authentication and gain access to the backend by leveraging knowledge of a
password hash.
typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/
www.debian.org/security/2014/dsa-2942
www.openwall.com/lists/oss-security/2014/06/03/2
launchpad.net/bugs/cve/CVE-2014-3945
nvd.nist.gov/vuln/detail/CVE-2014-3945
security-tracker.debian.org/tracker/CVE-2014-3945
www.cve.org/CVERecord?id=CVE-2014-3945