Name of the Vulnerable Software and Affected Versions TYPO3 (affected versions not specified)

Description The issue concerns an Authentication Bypass in the Salted Password system extension of TYPO3. This occurs when using hashing methods related by PHP class inheritance. Specifically, stored passwords using the blowfish hashing algorithm can be overridden by using MD5 as the default hashing algorithm, provided a valid username is known. The Portable PHP hashing algorithm (PHPass), which is used by default, is not vulnerable.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.