CVE-2020-11063 LOW

CVE-2020-11063: Observable Response Discrepancy in TYPO3 CMS

Vendor Typo3

Product TYPO3 CMS

Weakness CWE-204

Published May 13, 2020

Last update December 3, 2024

View on NVD All CVEs

CVSS base score

3.7/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

Description

In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2.

Key dates

Disclosure timeline

May 13, 2020 CVE published

December 3, 2024 Record updated