Vigil@nce - TYPO3 Core: weak mode of password storage
May 2019 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
Impacted products: TYPO3 Core.
Consequences: data reading.
Provenance: privileged account.
Confidence: confirmed by the editor (5/5).
Creation date: 07/05/2019.
DESCRIPTION OF THE VULNERABILITY
Passwords are stored after being hashed without salt, which allows parallel dictionary attacks.
ACCESS TO THE FULL VIGIL@NCE BULLETIN