CVE-2014-3945 – typo3/cms

Package

Manager: composer
Name: typo3/cms
Vulnerable Version: >=0 <6.2.0

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:U/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00198 pctl0.42023

Details

TYPO3 vulnerable to authentication bypass via leveraging knowledge of password hash The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a password hash.

Metadata

Created: 2022-05-17T04:42:47Z
Modified: 2025-04-14T16:04:38Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-h7wf-jg4f-x2wc/GHSA-h7wf-jg4f-x2wc.json
CWE IDs: ["CWE-287"]
Alternative ID: GHSA-h7wf-jg4f-x2wc
Finding: F006
Auto approve: 1