TYPO3 Cleartext Transmission of Sensitive Information Vulnerability - CVE-2017-6370 - Vulnerability Database

TYPO3 Cleartext Transmission of Sensitive Information Vulnerability - CVE-2017-6370

Medium

Reference: CVE-2017-6370

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2017-6370

Title: TYPO3 Cleartext Transmission of Sensitive Information Vulnerability

Overview:

TYPO3 7.6.15 sends an http request to an index.phploginProvider URI in cases with an https Referer which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields.