CVE-2014-3945

TYPO3 <6.2 - Auth Bypass

Title source: llm

Description

The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a password hash.

References (3)

[Vendor Advisory] http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/

[Third Party Advisory] http://www.debian.org/security/2014/dsa-2942

[Mailing List] http://www.openwall.com/lists/oss-security/2014/06/03/2

Scores

EPSS 0.0020

EPSS Percentile 41.7%

Classification

CWE

CWE-287

Status draft

Affected Products (50)

typo3/typo3 < 6.1.9

typo3/typo3

... and 35 more

Timeline

Published Jun 03, 2014

Tracked Since Feb 18, 2026