Vulnerability Details: CVE-2012-5890
The Front End User Registration (sr_feuser_register) extension before 2.6.2 for TYPO3 allows remote attackers to obtain user names and passwords via the (1) edit perspective or (2) autologin feature.
Vulnerability category: Information leak
Products affected by CVE-2012-5890
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:*:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.19:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.17:18:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.16:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.15:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.14:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:1.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:1.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.13:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.12:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:1.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:1.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:stanislas_rolland:sr_feuser_register:1.6.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-5890
- 0.36%: Probability of exploitation activity in the next 30 days
- ~68%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-5890
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2012-5890
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-5890
- http://forge.typo3.org/projects/extension-sr_feuser_register/repository/entry/trunk/ChangeLog
  404 - Front End User Registration - TYPO3 Forge
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80145
  Front End User Registration extension for TYPO3 multiple information disclosure CVE-2012-5890 Vulnerability Report
- http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-002/
  Information disclosure vulnerabilities in extension "Front End User Registration" (sr_feuser_register) [Patch; Vendor Advisory]
- http://forge.typo3.org/projects/extension-sr_feuser_register/repository/revisions/58720
  Revision 58720 - fix regression on security issue: Information (and password) Disclosure in ex... - Front End User Registration - TYPO3 Forge