PT-2009-1005 · Typo3 · Typo3
Marcus Krause
·
Published
2009-01-22
·
Updated
2022-05-02
·
CVE-2009-0256
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
TYPO3 versions 4.0.0 through 4.0.9
TYPO3 versions 4.1.0 through 4.1.7
TYPO3 versions 4.2.0 through 4.2.3
Description
The issue concerns a session fixation vulnerability in the authentication library. This vulnerability allows remote attackers to hijack web sessions via unspecified vectors related to frontend and backend authentication. The vulnerability may lead to a breach of confidentiality, integrity, and availability of protected information and can be exploited remotely.
Recommendations
For versions 4.0.0 through 4.0.9, update to a version outside of this range to mitigate the risk.
For versions 4.1.0 through 4.1.7, update to a version outside of this range to mitigate the risk.
For versions 4.2.0 through 4.2.3, update to a version outside of this range to mitigate the risk.
As a temporary workaround, consider restricting access to the authentication library until a patch is available.
Fix
Session Fixation
Improper Authentication
Use of Insufficiently Random Values
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Typo3