CVE-2014-3945

Name of the Vulnerable Software and Affected Versions TYPO3 versions prior to 6.2

Description The issue concerns the Authentication component in TYPO3. When salting for password hashing is disabled, it does not require knowledge of the cleartext password if the password hash is known. This allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a password hash.

Recommendations For versions prior to 6.2, update to version 6.2 or later to resolve the issue. As a temporary workaround, consider enabling salting for password hashing to minimize the risk of exploitation.