CVE-2015-2047
CVE-2015-2047
The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.htmlhttps://review.typo3.org/#/c/37013/http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-001/http://www.debian.org/security/2015/dsa-3164http://www.openwall.com/lists/oss-security/2015/02/22/4http://www.openwall.com/lists/oss-security/2015/02/22/8http://www.securityfocus.com/bid/72763http://www.securitytracker.com/id/1031824