CVE-2015-2047
Publication date 23 February 2015
Last updated 24 July 2024
Ubuntu priority
The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value.
Status
Package | Ubuntu Release | Status |
---|---|---|
typo3-src | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
References
Other references
- https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-001/
- https://review.typo3.org/#/c/37013/
- http://www.openwall.com/lists/oss-security/2015/02/22/8
- http://www.openwall.com/lists/oss-security/2015/02/22/4
- http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-001/
- https://www.cve.org/CVERecord?id=CVE-2015-2047