CVE-2015-2047 Information

Description

The rsaauth extension in TYPO3 4.3.0 through 4.3.14 4.4.0 through 4.4.15 4.5.0 through 4.5.39 and 4.6.0 through 4.6.18 when configured for the frontend allows remote attackers to bypass authentication via a password that is casted to an empty value.

Reference

http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-001/ http://www.debian.org/security/2015/dsa-3164 http://www.openwall.com/lists/oss-security/2015/02/22/4 http://www.openwall.com/lists/oss-security/2015/02/22/8 http://www.securityfocus.com/bid/72763 http://www.securitytracker.com/id/1031824 https://review.typo3.org//c/37013/