Description

The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value.

Remediation

References

CVE-2015-2047

Related Vulnerabilities

WordPress Plugin Easy PayPal Buy Now Button Multiple Vulnerabilities (1.7.2)

Drupal Improper Input Validation Vulnerability (CVE-2010-2473)

WordPress Plugin BP GTM System Cross-Site Scripting (1.9.5)

WordPress Plugin WP-SpamFree Anti-Spam Cross-Site Scripting (2.1.1.6)

WordPress Plugin Author Stats Cross-Site Scripting (1.3)

Severity

Low

Classification

CVE-2015-2047 CWE-287

Tags

Missing Update Known Vulnerabilities