PT-2020-16357 · Typo3 · Typo3

Helmut Hummel · Published 2020-11-23 · Updated 2024-03-06 · CVE-2020-26228

CVSS v3.1: 8.1 High

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

TYPO3 versions prior to 9.5.23
TYPO3 versions prior to 10.4.10

Description

User session identifiers are stored in cleartext, without additional cryptographic hashing. The issue cannot be exploited directly; it arises only in combination with a chained attack, such as SQL injection in another system component.

Recommendations

Update to TYPO3 version 9.5.23 to resolve the issue.
Update to TYPO3 version 10.4.10 to resolve the issue.
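An added illustration of the weakness described above (not TYPO3 code and not the project's actual fix): a session table keyed by the cleartext identifier beside one keyed by a keyed SHA-256 digest of it. The table layout, `SessionStore`, `storage_key` and the HMAC construction are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Constructed server-side key; assumed to live outside the database.
SERVER_KEY = secrets.token_bytes(32)


def storage_key(session_id: str, hashed: bool) -> str:
    """Value written to the session table for a given cookie value."""
    if not hashed:
        return session_id  # weak: the table holds the live credential
    # hardened: keyed SHA-256 digest; the cookie value itself is never stored
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


class SessionStore:
    def __init__(self, hashed: bool):
        self.hashed = hashed
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE sessions (id TEXT PRIMARY KEY, user TEXT)")

    def create(self, user: str) -> str:
        session_id = secrets.token_hex(32)  # value sent to the browser
        self.db.execute("INSERT INTO sessions VALUES (?, ?)",
                        (storage_key(session_id, self.hashed), user))
        return session_id

    def lookup(self, cookie_value: str):
        row = self.db.execute("SELECT user FROM sessions WHERE id = ?",
                              (storage_key(cookie_value, self.hashed),)).fetchone()
        return row[0] if row else None

    def table_contents(self):
        """What any read of the table exposes, e.g. via a flaw in another component."""
        return [r[0] for r in self.db.execute("SELECT id FROM sessions")]


def leaked_rows_are_valid_sessions(hashed: bool) -> bool:
    store = SessionStore(hashed)
    cookie = store.create("editor")          # constructed sample user
    assert store.lookup(cookie) == "editor"  # the legitimate cookie always works
    # Replay every stored value as if it were a cookie.
    return any(store.lookup(v) for v in store.table_contents())


if __name__ == "__main__":
    print("cleartext table:", leaked_rows_are_valid_sessions(False))
    print("hashed table:   ", leaked_rows_are_valid_sessions(True))
```

With cleartext storage, every row read from the table is a usable session; with hashed storage, the stored values do not authenticate when presented as cookies.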

Exploit

Fix

Cleartext Storage of Sensitive Information

Weakness Enumeration

Related Identifiers

BIT-TYPO3-2020-26228
CVE-2020-26228
GHSA-954J-F27R-CJ52

Affected Products

Typo3