Опубликовано: 09 сент. 2025
Источник: github
Github: Прошло ревью
CVSS4: 6.3
CVSS3: 6.5
Описание
TYPO3 CMS uses insufficient entropy when generating passwords
A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0–12.4.36 and 13.0.0–13.4.17 reduces entropy, allowing attackers to carry out brute‑force attacks more quickly.
Пакеты
Наименование
typo3/cms-core
composer
Затронутые версииВерсия исправления
>= 12.0.0, < 12.4.37
12.4.37
Наименование
typo3/cms-core
composer
Затронутые версииВерсия исправления
>= 13.0.0, < 13.4.18
13.4.18
Связанные уязвимости
CVSS3: 6.5
nvd
5 месяцев назад
A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0–12.4.36 and 13.0.0–13.4.17 reduces entropy, allowing attackers to carry out brute‑force attacks more quickly.