CVE-2021-21339

Cleartext Storage of Sensitive Information in packagist/typo3/cms-core

Identifier

CVE-2021-21339

Package Slug

packagist/typo3/cms-core

Vulnerability

Cleartext Storage of Sensitive Information

Description

User session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - such as SQL injection in any other component of the system.

Affected Versions

All versions starting from 6.2.0 before 6.2.57, all versions starting from 7.0.0 before 7.6.51, all versions starting from 8.0.0 before 8.7.40, all versions starting from 9.0.0 before 9.5.25, all versions starting from 10.0.0 before 10.4.14, all versions starting from 11.0.0 before 11.1.1

Solution

Upgrade to versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 or above.

Last Modified

2021-03-29

source