TYPO3 CMS Password Generation Component Insufficient Entropy Vulnerability

Vulnerability

A vulnerability exists in the Password Generation component of TYPO3 CMS, specifically in versions 12.0.0 through 12.4.36 and 13.0.0 through 13.4.17. The generator emits a deterministic three-character prefix, which lowers the entropy of the resulting passwords and shrinks the space an attacker has to search, making brute-force attacks more efficient. Passwords generated under the 'random' password rules are not affected.
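To make the entropy loss concrete, the following added example (written for this page, not TYPO3 code) quantifies how much a deterministic three-character prefix removes from a generated password and shows a defender-side audit that detects such a prefix across a sample of generated passwords. It assumes a 94-symbol printable ASCII alphabet and 10-character passwords; the sample passwords are constructed, not real generator output, and the flagging threshold is a choice made here.

```python
import math

# Constructed sample "generated" passwords (not real TYPO3 output): the first
# set stands in for an affected generator that always emits the same
# three-character prefix, the second for a generator whose output is uniform.
SAMPLE_FIXED_PREFIX = ["Ab1x9Qz!kL", "Ab1mP3$rTu", "Ab1Zz7&hYv", "Ab1q2W@eRt", "Ab1K8n#sDf"]
SAMPLE_UNIFORM = ["x9Qz!kLAb1", "mP3$rTuAb1", "Zz7&hYvQ1m", "q2W@eRtZp4", "K8n#sDfLo0"]

# Assumption: the generator draws from the 94 printable, non-space ASCII characters.
ALPHABET_SIZE = 94


def entropy_bits(length: int, alphabet_size: int = ALPHABET_SIZE, fixed_prefix_len: int = 0) -> float:
    """Entropy in bits of a password of `length` characters drawn uniformly from
    `alphabet_size` symbols, when the first `fixed_prefix_len` characters are
    deterministic and therefore contribute nothing."""
    if not 0 <= fixed_prefix_len <= length:
        raise ValueError("fixed_prefix_len must lie in [0, length]")
    return (length - fixed_prefix_len) * math.log2(alphabet_size)


def search_space_reduction(alphabet_size: int = ALPHABET_SIZE, fixed_prefix_len: int = 3) -> int:
    """Factor by which a known deterministic prefix shrinks the guessing space:
    alphabet_size ** fixed_prefix_len possible prefixes collapse to a single one."""
    return alphabet_size ** fixed_prefix_len


def common_prefix_len(passwords: list[str]) -> int:
    """Length of the longest prefix shared by every password in the sample."""
    if not passwords:
        return 0
    shortest = min(passwords, key=len)
    for i, ch in enumerate(shortest):
        if any(p[i] != ch for p in passwords):
            return i
    return len(shortest)


def audit_generator(passwords: list[str], alphabet_size: int = ALPHABET_SIZE) -> dict:
    """Audit a sample of generated passwords for a shared deterministic prefix.

    For n independent uniform passwords the chance that all agree on even one
    leading character is alphabet_size ** -(n - 1), so with a sample of four or
    more any shared prefix is treated as evidence of a deterministic prefix
    (threshold chosen for this example)."""
    prefix_len = common_prefix_len(passwords)
    length = min((len(p) for p in passwords), default=0)
    nominal = entropy_bits(length, alphabet_size)
    effective = entropy_bits(length, alphabet_size, prefix_len)
    return {
        "sample_size": len(passwords),
        "common_prefix_len": prefix_len,
        "nominal_bits": round(nominal, 2),
        "effective_bits": round(effective, 2),
        "bits_lost": round(nominal - effective, 2),
        "flagged": prefix_len > 0 and len(passwords) >= 4,
    }


if __name__ == "__main__":
    for name, sample in (("fixed prefix", SAMPLE_FIXED_PREFIX), ("uniform", SAMPLE_UNIFORM)):
        print(name, audit_generator(sample))
    print("guessing-space reduction for a 3-char prefix:", search_space_reduction())
```

With these assumptions a 10-character password nominally carries about 65.5 bits; fixing three characters leaves about 45.9 bits, a loss of roughly 19.7 bits, which is the same as reducing the number of candidate prefixes by a factor of 94^3 = 830,584. The audit function is the kind of check one can run against a batch of passwords produced by any generator to confirm the fix after upgrading.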

Impact

Exploitation of this vulnerability allows for more efficient brute-force attacks on password-protected areas, potentially leading to unauthorized access.

Remediation

Users are advised to update TYPO3 to versions 12.4.37 LTS or 13.4.18 LTS, which address this vulnerability.

Added: Sep 9, 2025, 9:21 AM
Updated: Sep 9, 2025, 5:00 PM

Vulnerability Rating

Custom Algorithm

  Category         Score
  spread           6.4
  impact           0.6
  exploitability   6.8
  remediation      7.7
  relevance        0.5
  threat           0.0
  urgency          2.9
  incentive        1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.