Name of the Vulnerable Software and Affected Versions: TYPO3 (affected versions not specified)

Description: The issue arises from the default authentication service failing to invalidate empty strings as passwords, allowing authentication of backend and frontend users without a password set in the database. However, it's noted that TYPO3 itself does not allow the creation of user accounts without passwords, so the installation might only be affected if a third-party component creates user accounts without passwords by directly manipulating the database.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.