CVE-2015-2047

The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value.

Published: Feb 23, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-2047
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
typo3 / typo3	4.3.6	4.3.6.x
typo3 / typo3	4.5.30	4.5.30.x
typo3 / typo3	4.5.3	4.5.3.x
typo3 / typo3	4.6.16	4.6.16.x
typo3 / typo3	4.5.27	4.5.27.x
typo3 / typo3	4.3.5	4.3.5.x
typo3 / typo3	4.5.9	4.5.9.x
typo3 / typo3	4.3.8	4.3.8.x
typo3 / typo3	4.5.12	4.5.12.x
typo3 / typo3	4.5.24	4.5.24.x
typo3 / typo3	4.6.6	4.6.6.x
typo3 / typo3	4.6.3	4.6.3.x
typo3 / typo3	4.6.13	4.6.13.x
typo3 / typo3	4.5.32	4.5.32.x
typo3 / typo3	4.3.7	4.3.7.x
typo3 / typo3	4.3.14	4.3.14.x
typo3 / typo3	4.4.14	4.4.14.x
typo3 / typo3	4.5.15	4.5.15.x
typo3 / typo3	4.6.12	4.6.12.x
typo3 / typo3	4.5.35	4.5.35.x
typo3 / typo3	4.6.8	4.6.8.x
typo3 / typo3	4.5.38	4.5.38.x
typo3 / typo3	4.5.5	4.5.5.x
typo3 / typo3	4.5.13	4.5.13.x
typo3 / typo3	4.5.17	4.5.17.x
typo3 / typo3	4.6.17	4.6.17.x
typo3 / typo3	4.4.13	4.4.13.x
typo3 / typo3	4.4.15	4.4.15.x
typo3 / typo3	4.5.8	4.5.8.x
typo3 / typo3	4.4.4	4.4.4.x
typo3 / typo3	4.5.37	4.5.37.x
typo3 / typo3	4.5.14	4.5.14.x
typo3 / typo3	4.4.5	4.4.5.x
typo3 / typo3	4.5.23	4.5.23.x
typo3 / typo3	4.6.0	4.6.0.x
typo3 / typo3	4.4.11	4.4.11.x
typo3 / typo3	4.5.7	4.5.7.x
typo3 / typo3	4.5.20	4.5.20.x
typo3 / typo3	4.5.6	4.5.6.x
typo3 / typo3	4.5.18	4.5.18.x
typo3 / typo3	4.3.13	4.3.13.x
typo3 / typo3	4.6.10	4.6.10.x
typo3 / typo3	4.3.9	4.3.9.x
typo3 / typo3	4.3.2	4.3.2.x
typo3 / typo3	4.4.1	4.4.1.x
typo3 / typo3	4.5.0	4.5.0.x
typo3 / typo3	4.5.26	4.5.26.x
typo3 / typo3	4.3.11	4.3.11.x
typo3 / typo3	4.5.29	4.5.29.x
typo3 / typo3	4.6.5	4.6.5.x
typo3 / typo3	4.5.21	4.5.21.x
typo3 / typo3	4.5.31	4.5.31.x
typo3 / typo3	4.5.36	4.5.36.x
typo3 / typo3	4.3.10	4.3.10.x
typo3 / typo3	4.6.15	4.6.15.x
typo3 / typo3	4.6	4.6.x
typo3 / typo3	4.4.2	4.4.2.x
typo3 / typo3	4.4.6	4.4.6.x
typo3 / typo3	4.3.0	4.3.0.x
typo3 / typo3	4.6.18	4.6.18.x
typo3 / typo3	4.4.7	4.4.7.x
typo3 / typo3	4.5.11	4.5.11.x
typo3 / typo3	4.3.3	4.3.3.x
typo3 / typo3	4.4.0	4.4.0.x
typo3 / typo3	4.6.1	4.6.1.x
typo3 / typo3	4.4.9	4.4.9.x
typo3 / typo3	4.5.19	4.5.19.x
typo3 / typo3	4.3.4	4.3.4.x
typo3 / typo3	4.6.4	4.6.4.x
typo3 / typo3	4.4.8	4.4.8.x
typo3 / typo3	4.6.7	4.6.7.x
typo3 / typo3	4.3.1	4.3.1.x
typo3 / typo3	4.5.1	4.5.1.x
typo3 / typo3	4.5.33	4.5.33.x
typo3 / typo3	4.5.16	4.5.16.x
typo3 / typo3	4.5.39	4.5.39.x
typo3 / typo3	4.5.4	4.5.4.x
typo3 / typo3	4.5.34	4.5.34.x
typo3 / typo3	4.6.2	4.6.2.x
typo3 / typo3	4.5.25	4.5.25.x
typo3 / typo3	4.5.22	4.5.22.x
typo3 / typo3	4.6.9	4.6.9.x
typo3 / typo3	4.6.14	4.6.14.x
typo3 / typo3	4.6.11	4.6.11.x
typo3 / typo3	4.3.12	4.3.12.x
typo3 / typo3	4.4.10	4.4.10.x
typo3 / typo3	4.5.2	4.5.2.x
typo3 / typo3	4.5.10	4.5.10.x
typo3 / typo3	4.4.3	4.4.3.x
typo3 / typo3	4.4.12	4.4.12.x
typo3 / typo3	4.5.28	4.5.28.x
debian / debian_linux	7.0	7.0.x

Vulnerability Database

290,206

CVE-2015-2047