Plaintext Password Exposure in TYPO3 Content Management Framework
CVE-2024-55891

3.1LOW

Key Information:

Vendor: Typo3
Status: Typo3
Vendor: CVE Published:; 14 January 2025

What is CVE-2024-55891?

The TYPO3 Content Management Framework suffers from a security vulnerability where the install tool password can be inadvertently logged in plaintext due to an incorrect password hashing implementation. This exposes sensitive information and can potentially lead to unauthorized access. Users are strongly advised to upgrade to TYPO3 version 13.4.3 ELTS to mitigate this risk. Currently, there are no known workarounds for this vulnerability.

Affected Version(s)

typo3 < 13.4.3

References

https://github.com/TYPO3/typo3/security/advisories/GHSA-3...

x_refsource_CONFIRM

https://typo3.org/security/advisory/typo3-core-sa-2025-001

x_refsource_MISC

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 14, 2025

Typo3

What is CVE-2024-55891?

Affected Version(s)

References

CVSS V3.1

Timeline