PT-2020-17053 · Typo3 · Ext:Felogin+2
Thomas Deuling
·
Published
2020-11-18
·
Updated
2020-12-02
·
CVE-2020-28917
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
view statistics extension versions prior to 2.0.1 for TYPO3
Description
An issue in the view statistics extension saves all GET and POST data of TYPO3 frontend requests to the database. Depending on the extensions used on a TYPO3 website, sensitive data, such as cleartext passwords if ext:felogin is installed, may be saved.
Recommendations
For versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue. As a temporary workaround, consider disabling the view statistics extension until a patch is available. Restrict access to sensitive data and consider removing any saved sensitive information from the database.
Fix
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Typo3
Ext:Felogin
View Statistics