WRITEUP

Exploit for CVE-2020-11063 - TYPO3 CMS <10.4.1 - Info Disclosure
AI Analysis

This patch addresses a time-based information disclosure vulnerability in TYPO3's backend password reset functionality by introducing a random delay to prevent timing attacks that could reveal whether an email exists in the system.

Attack Type: info_leak
Complexity: trivial
Reliability: reliable
MITRE ATT&CK: T1592 - Gather Victim Host Information
Authors: Frank Naegler
Vulnerability: CVE-2020-11063 (TYPO3 CMS <10.4.1 - Info Disclosure)
Severity: LOW (CVSS 3.7)