Description
The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value.
Remediation
References
Related Vulnerabilities
Lodash CVE-2018-16487 Vulnerability (CVE-2018-16487)
Claroline Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3716)
WordPress Plugin DM Albums 'album.php' Remote File Inclusion (1.9.2)
Cherokee Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-2191)
PHP Resource Management Errors Vulnerability (CVE-2010-1917)