CVE-2017-6370

Name of the Vulnerable Software and Affected Versions TYPO3 version 7.6.15

Description The issue allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields. This occurs when TYPO3 sends an HTTP request to an "index.php?loginProvider" URI in cases with an HTTPS Referer.

Recommendations For TYPO3 version 7.6.15, consider updating to a newer version that addresses this issue, as sending sensitive information over HTTP can be exploited by sniffing the network. At the moment, there is no information about a newer version that contains a fix for this vulnerability.