Vigil@nce - TYPO3 Core: privilege escalation via HMAC-SHA1

September 2020 by Vigil@nce

SYNTHESIS OF THE VULNERABILITY

Impacted products: TYPO3 Core.

Severity: 2/4.

Consequences: privileged access/rights, user access/rights.

Provenance: intranet client.

Confidence: confirmed by the editor (5/5).

Creation date: 28/07/2020.

DESCRIPTION OF THE VULNERABILITY

An attacker can bypass restrictions via HMAC-SHA1 of TYPO3 Core, in order to escalate his privileges.

