The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| typo3/cms(Packagist) | 6.2.0 | 6.2.3 | N/A |
CVSS Metrics
