TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields.
                
References

| Link | Resource |
|---|---|
| http://www.securityfocus.com/bid/97071 | |
| https://github.com/faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request | Exploit, Third Party Advisory |

Information
Published : 2017-03-17 17:59
Updated : 2025-04-20 01:37
NVD link : CVE-2017-6370
Mitre link : CVE-2017-6370
CVE.ORG link : CVE-2017-6370

Products Affected
typo3
- typo3

CWE
CWE-319: Cleartext Transmission of Sensitive Information
