CVE-2015-2047
TYPO3 4.3.0-4.3.14, 4.4.0-4.4.15, 4.5.0-4.5.39, 4.6.0-4.6.18 - Authentication Bypass via RSAAuth
The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is cast to an empty value.
References (8)
Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/72763
Various Sources (x_refsource_confirm): https://review.typo3.org/#/c/37013/
Mailing List (vendor-advisory, x_refsource_suse): http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id/1031824
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2015/02/22/4
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2015/02/22/8
Vendor Advisory (x_refsource_confirm): http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-001/
Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2015/dsa-3164
Scores
EPSS: 0.0077
EPSS Percentile: 73.7%
Details
CWE: CWE-287
Status: published
Products (50)
debian/debian_linux 7.0
typo3/typo3 4.3.0
typo3/typo3 4.3.1
typo3/typo3 4.3.2
typo3/typo3 4.3.3
typo3/typo3 4.3.4
typo3/typo3 4.3.5
typo3/typo3 4.3.6
typo3/typo3 4.3.7
typo3/typo3 4.3.8
... and 40 more
Published: Feb 23, 2015
Tracked Since: Feb 18, 2026