Authentication Bypass Vulnerability in TYPO3 RSAAuth Extension

Authentication Bypass Vulnerability in TYPO3 RSAAuth Extension

CVE-2015-2047 · LOW Severity

AV:N/AC:H/AU:N/C:N/I:P/A:N

The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value.

Learn more about our Web Application Penetration Testing UK.