Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
TYPO3 Cleartext Transmission of Sensitive Information Vulnerability - CVE-2017-6370 - Vulnerability Database
TYPO3

TYPO3 Cleartext Transmission of Sensitive Information Vulnerability - CVE-2017-6370

Medium
Reference: CVE-2017-6370
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2017-6370
Title: TYPO3 Cleartext Transmission of Sensitive Information Vulnerability
Overview:

TYPO3 7.6.15 sends an http request to an index.phploginProvider URI in cases with an https Referer which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields.