CVE-2014-3945

Name: CVE-2014-3945
Description: The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a password hash.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DSA-2942-1
Debian Bugs: 749215

The information below is based on the following data on fixed versions.

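| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| typo3-src | source | squeeze | (unfixed) | end-of-life | | |
| typo3-src | source | wheezy | 4.5.19+dfsg1-5+wheezy3 | | DSA-2942-1 | |
| typo3-src | source | (unstable) | 4.5.34+dfsg1-1 | | | 749215 |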

Notes

[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
