Name of the Vulnerable Software and Affected Versions: TYPO3 (affected versions not specified)

Description: The issue arises when creating new backend user accounts in the TYPO3 backend, potentially leading to database records with insecure or empty credentials being persisted. This occurs when the user account type is changed, causing the backend form to reload and reflect new configuration possibilities, but also persisting the current state. This can result in accounts with empty login credentials or incomplete and weak credentials. Although the TYPO3 core functionality cannot be used with empty usernames or passwords, custom authentication service implementations may still be severely vulnerable. This weakness requires intentional interaction by a backend user with appropriate privileges.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.