logo

Database

Improper authorization control for web services In typo3/cms

Description

Information Disclosure in TYPO3 Backend The TYPO3 backend module stores the username of an authenticated backend user in its cache files. By guessing the file path to the cache files it is possible to receive valid backend usernames.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. GCVE-GHSA-vpr3-rc99-2wpr

References

1. https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2016-07-19-4.yaml2. https://typo3.org/security/advisory/typo3-core-sa-2016-0173. https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-017

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.