Release date:
Updated on: 2014-06-04
Affected Systems:
TYPO3 TYPO3 <1, 6.2
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2014-3944
TYPO3 is an open-source Content Management System (CMS) and Content Management Framework (CMF).
The Authentication component of TYPO3 6.2.0 through 6.2.3 does not properly invalidate user sessions that have timed out, which allows remote attackers to bypass authentication.
<* Source: Helmut Hummel
Link: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
TYPO3
-----
TYPO3 has released a security bulletin (TYPO3-CORE-SA-2014-001) and corresponding patches for this issue:
TYPO3-CORE-SA-2014-001: Multiple Vulnerabilities in TYPO3 CMS
Link: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/