Description
The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.
References (3)
Core References
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-2942
Vendor Advisory x_refsource_confirm
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/06/03/2
Scores
EPSS
0.0019
EPSS Percentile
40.1%
Details
CWE
CWE-287
Status
published
Products (5)
typo3/cms
6.2.0 - 6.2.3 (Packagist)
typo3/typo3
6.2
typo3/typo3
6.2.0 beta1 (3 CPE variants)
typo3/typo3
6.2.1
typo3/typo3
6.2.2
Published
Jun 03, 2014
Tracked Since
Feb 18, 2026