VYPR
High severityNVD Advisory· Published Nov 23, 2020· Updated Aug 4, 2024

Cleartext storage of session identifier

CVE-2020-26228

Description

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
typo3/cms-corePackagist
>= 9.0.0, < 9.5.239.5.23
typo3/cms-corePackagist
>= 10.0.0, < 10.4.1010.4.10
typo3/cms-corePackagist
>= 8.7.0, < 8.7.388.7.38
typo3/cmsPackagist
>= 10.0.0, < 10.4.1010.4.10
typo3/cmsPackagist
>= 9.0.0, < 9.5.239.5.23
typo3/cmsPackagist
>= 8.7.0, < 8.7.388.7.38

Affected products

4

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.