CVE-2015-2047
Published: 23 February 2015
The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value.
Priority
Status
Package | Release | Status |
---|---|---|
typo3-src Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
lucid |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
trusty |
Does not exist
(trusty was needed)
|
|
upstream |
Released
(4.5.40+dfsg1-1)
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Not vulnerable
(4.5.40+dfsg1-1)
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2047
- https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-001/
- https://review.typo3.org/#/c/37013/
- http://www.openwall.com/lists/oss-security/2015/02/22/8
- http://www.openwall.com/lists/oss-security/2015/02/22/4
- http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-001/
- NVD
- Launchpad
- Debian