CVE-2020-11063

Observable Response Discrepancy in TYPO3 CMS

CVSS 3.7 LOWEPSS 1.2%CWE-204

In short

An attacker can exploit the password reset feature in TYPO3 CMS to discover which email addresses are registered as backend user accounts by measuring response times. This leaks information about valid users without needing a password.

Technical detail

CWE-204 vulnerability in TYPO3 CMS 10.4.0–10.4.1 allows timing-based user enumeration via the backend password reset functionality. An attacker can differentiate valid from invalid email addresses by analyzing response time discrepancies, enabling user account discovery without authentication.

Summary generated and translated by AI from the official description.

In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

TYPO3 · TYPO3 CMS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-347x-877p-hcwx https://github.com/TYPO3/typo3/commit/14929b98ecda0ce67329b0f25ca7c01ee85df574 https://github.com/TYPO3/typo3/security/advisories/GHSA-347x-877p-hcwx