Vulnerability Database

314,343

Total vulnerabilities in the database

CVE-2014-3944

The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.

Published: Jun 3, 2014
Updated: Nov 9, 2025
CVE: CVE-2014-3944
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
typo3 / typo3	6.2.1	6.2.1.x
typo3 / typo3	6.2.0-beta1	6.2.0-beta1.x
typo3 / typo3	6.2	6.2.x
typo3 / typo3	6.2.2	6.2.2.x
typo3 / typo3	6.2.0-beta3	6.2.0-beta3.x
typo3 / typo3	6.2.0-beta2	6.2.0-beta2.x

http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/
http://www.debian.org/security/2014/dsa-2942
http://www.openwall.com/lists/oss-security/2014/06/03/2

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo