CVE-2021-21339

Cleartext Storage of Sensitive Information in packagist/typo3/cms

Identifier

CVE-2021-21339

Package Slug

packagist/typo3/cms

Vulnerability

Cleartext Storage of Sensitive Information

Description

User session identifiers are stored in cleartext, without first being processed by a cryptographic hash algorithm. This vulnerability cannot be exploited directly; it is only exploitable as part of a chained attack, for example an SQL injection in any other component of the system.

Affected Versions

All versions starting from 6.2.0 before 6.2.57, all versions starting from 7.0.0 before 7.6.51, all versions starting from 8.0.0 before 8.7.40, all versions starting from 9.0.0 before 9.5.25, all versions starting from 10.0.0 before 10.4.14, all versions starting from 11.0.0 before 11.1.1

Solution

Upgrade to versions 6.2.57, 7.6.51, 9.5.25, 10.4.14, 11.1.1 or above.

Last Modified

2021-03-29
