PT-2024-20759 · Typo3 · Typo3
Christian Kuhn
+2
·
Published
2024-02-13
·
Updated
2024-10-16
·
CVE-2024-25118
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
TYPO3 versions prior to 8.7.57 ELTS
TYPO3 versions prior to 9.5.46 ELTS
TYPO3 versions prior to 10.4.43 ELTS
TYPO3 versions prior to 11.5.35 LTS
TYPO3 versions prior to 12.4.11 LTS
TYPO3 versions prior to 13.0.1
Description
The issue concerns password hashes being reflected in the editing forms of the TYPO3 backend user interface, allowing attackers to crack the plaintext password using brute force techniques. Exploiting this issue requires a valid backend user account.
Recommendations
Update to TYPO3 version 8.7.57 ELTS or later
Update to TYPO3 version 9.5.46 ELTS or later
Update to TYPO3 version 10.4.43 ELTS or later
Update to TYPO3 version 11.5.35 LTS or later
Update to TYPO3 version 12.4.11 LTS or later
Update to TYPO3 version 13.0.1 or later
Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Typo3