Description

The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a password hash.

Remediation

References

CVE-2014-3945

Related Vulnerabilities

WordPress Plugin Shield Security-Smart Bot Blocking & Intrusion Prevention Security Cross-Site Request Forgery (19.1.10)

WordPress Plugin Ultimate Responsive Image Slider Unspecified Vulnerability (3.3.2)

Liferay DXP Other Vulnerability (CVE-2023-33946)

WordPress Plugin Easy Social Icons Cross-Site Scripting (3.0.8)

WordPress Plugin Google Maps CP Cross-Site Scripting (1.0.3)

Severity

Medium

Classification

CVE-2014-3945 CWE-287

Tags

Missing Update Known Vulnerabilities