high
8.1
CWE
312 89
Advisory Published
CVE Published
Updated

CVE-2020-26228: Cleartext storage of session identifier

First published: Tue Nov 17 2020(Updated: )

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described.

Credit: security-advisories@github.com security-advisories@github.com

Affected SoftwareAffected VersionHow to fix
composer/typo3/cms-core>=10.0.0<10.4.10>=9.0.0<9.5.23>=8.7.0<8.7.38
composer/typo3/cms>=10.0.0<10.4.10>=9.0.0<9.5.23>=8.7.0<8.7.38
Typo3 Typo3>=9.0.0<9.5.23
Typo3 Typo3>=10.0.0<10.4.10
composer/typo3/cms>=8.7.0<8.7.38
8.7.38
composer/typo3/cms>=9.0.0<9.5.23
9.5.23
composer/typo3/cms>=10.0.0<10.4.10
10.4.10
composer/typo3/cms-core>=8.7.0<8.7.38
8.7.38
composer/typo3/cms-core>=10.0.0<10.4.10
10.4.10
composer/typo3/cms-core>=9.0.0<9.5.23
9.5.23
>=9.0.0<9.5.23
>=10.0.0<10.4.10

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is TYPO3-CORE-SA-2020-011?

    TYPO3-CORE-SA-2020-011 is a vulnerability that allows for cleartext storage of session identifiers in TYPO3 CMS.

  • How does TYPO3-CORE-SA-2020-011 impact my website?

    TYPO3-CORE-SA-2020-011 can lead to an attacker being able to intercept and use session identifiers, potentially compromising user sessions.

  • Which versions of TYPO3 are affected by TYPO3-CORE-SA-2020-011?

    TYPO3 versions 8.7.0 to 8.7.38, 9.0.0 to 9.5.23, and 10.0.0 to 10.4.10 are affected by TYPO3-CORE-SA-2020-011.

  • How do I fix TYPO3-CORE-SA-2020-011?

    To fix TYPO3-CORE-SA-2020-011, update TYPO3 to a version that includes the security fix.

  • Where can I find more information about TYPO3-CORE-SA-2020-011?

    More information about TYPO3-CORE-SA-2020-011 can be found on the TYPO3 website at https://typo3.org/security/advisory/typo3-core-sa-2020-011.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203