CVE-2014-3945

Name: CVE-2014-3945
Description: The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a password hash.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DSA-2942-1
NVD severity: medium (attack range: remote)
Debian Bugs: 749215

The information below is based on the following data on fixed versions.

Package    Type    Release     Fixed Version            Urgency      Origin      Debian Bugs
typo3-src  source  (unstable)  4.5.34+dfsg1-1           medium                   749215
typo3-src  source  squeeze     (unfixed)                end-of-life
typo3-src  source  wheezy      4.5.19+dfsg1-5+wheezy3   medium       DSA-2942-1

Notes

[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
