CVE-2021-21339

HIGH Year: 2021
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-312
View all →

Vulnerability Description

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.

Related Vulnerabilities

CVE-2001-1536

HIGH
CVSS:7.5(High)

Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-...

CWE-3122001

CVE-2001-1537

HIGH
CVSS:7.5(High)

The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication informa...

CWE-3122001

CVE-2002-1800

HIGH
CVSS:7.5(High)

phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie, which allows remote attackers to retrieve the administrative password.

CWE-3122002

CVE-2004-2397

HIGH
CVSS:7.5(High)

The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allo...

CWE-3122004

CVE-2005-1828

HIGH
CVSS:7.5(High)

D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information.

CWE-3122005

CVE-2005-2160

HIGH
CVSS:7.5(High)

IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information.

CWE-3122005