CVE-2017-6370

MEDIUM

TYPO3 7.6.15 - Cleartext Transmission of Sensitive Information via Login Provider Request

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-6370. PoCs published by faizzaidi.

AI-analyzed exploit summary: This repository contains a README file describing an unencrypted login request vulnerability in TYPO3 v7.6.15, assigned CVE-2017-6370. No exploit code or technical details are provided.

Description

TYPO3 7.6.15 sends an HTTP request to an index.php?loginProvider URI in cases with an HTTPS Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields.

Exploits (1)

nomisec WRITEUP 2 stars
by faizzaidi · poc
https://github.com/faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Theoretical
Target: TYPO3 v7.6.15
No auth needed
Prerequisites: Network access to observe unencrypted login requests
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/97071
Exploit, Third Party Advisory x_refsource_misc
https://github.com/faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request

Scores

CVSS v3 5.3
EPSS 0.0099
EPSS Percentile 57.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE CWE-319
Status published
Products (2)
typo3/cms Packagist
typo3/typo3 7.6.15
Published Mar 17, 2017
Tracked Since Feb 18, 2026