Name of the Vulnerable Software and Affected Versions TYPO3 (affected versions not specified)

Description The issue arises when creating new backend user accounts in the TYPO3 backend, potentially leading to database records with insecure or empty credentials being persisted. This occurs when the user account type is changed, causing the backend form to reload and reflect new configuration possibilities, but also persisting the current state. This can result in accounts with empty login credentials or incomplete and weak credentials. Although the TYPO3 core functionality cannot be used with empty usernames or passwords, custom authentication service implementations may still be severely vulnerable. The weakness requires intentional interaction by a backend user with appropriate privileges and cannot be directly exploited.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.