TYPO3 CMS Password Storage Vulnerability in Backend User Settings Module

Vulnerability

A vulnerability in TYPO3 CMS version 14.2.0 causes cleartext passwords to be stored in the 'uc' and 'user_settings' fields of the 'be_users' database table. The issue arises when a user changes their password through the backend user settings module: the module incorrectly merges the submitted password data into the stored user interface settings instead of keeping it separate, so the password is persisted alongside those settings in cleartext.

Impact

This vulnerability results in the cleartext storage of passwords in the database, creating a risk of unauthorized access if the database is compromised.

Reproduction

To reproduce this vulnerability, change a backend user's password in TYPO3 CMS version 14.2.0. The password will be stored in cleartext in the 'be_users.uc' and 'be_users.user_settings' fields.

Remediation

Update TYPO3 to version 14.3.0 LTS, which addresses the vulnerability by preventing cleartext password storage. After updating, execute the 'User Settings Scrubbing' wizard in the TYPO3 Install Tool to remove any previously stored cleartext passwords from the 'uc' and 'user_settings' fields of the 'be_users' table. Additionally, assign new passwords to affected backend user accounts, since any password that was stored in cleartext should be treated as potentially exposed.
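The root cause described above (a settings handler that merges the whole submitted form, password included, into the stored settings) and the post-upgrade cleanup step (finding records that still carry a password in their settings blob) are shown below in a small Python model. This is an added example, not TYPO3's code: the field names 'password' and 'password2', the JSON encoding of the settings column, and the PBKDF2 hashing are assumptions chosen for illustration, not what TYPO3 itself uses.

```python
"""Illustrative model (added example, not TYPO3 code) of a user-settings
save that leaks the password into the settings store, the hardened form
that keeps credentials out of it, and an audit over stored settings."""
import hashlib
import hmac
import json
import os

# Assumed form field names for the credential inputs (not TYPO3's real names).
SENSITIVE_FIELDS = {"password", "password2"}


class UserRecord:
    """Stand-in for a be_users row: a password hash plus a settings column."""

    def __init__(self, username, password_hash):
        self.username = username
        self.password_hash = password_hash
        self.settings = {}  # models the serialized 'uc'-style settings column


def hash_password(password, salt=None):
    """PBKDF2-SHA256 with a random salt; returned as 'salthex$digesthex'."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt.hex() + "$" + digest.hex()


def verify_password(password, stored):
    salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), 100_000
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def save_settings_vulnerable(user, form):
    """Bug pattern: the password is hashed correctly, but the entire form
    (credential fields included) is then merged into the settings store."""
    if form.get("password"):
        user.password_hash = hash_password(form["password"])
    user.settings.update(form)  # cleartext password lands in settings
    return user


def save_settings_hardened(user, form):
    """Split credentials from preferences before anything is persisted."""
    password = form.get("password")
    if password:
        user.password_hash = hash_password(password)
    prefs = {k: v for k, v in form.items() if k not in SENSITIVE_FIELDS}
    user.settings.update(prefs)
    return user


def audit_settings(rows):
    """Return usernames whose stored settings blob still contains a
    credential key. rows: iterable of (username, settings_json).
    Assumes the blob is JSON; a real column may use another serialization."""
    leaking = []
    for username, blob in rows:
        try:
            data = json.loads(blob)
        except json.JSONDecodeError:
            continue  # unreadable blob: not evidence either way, skip it
        if isinstance(data, dict) and any(k in data for k in SENSITIVE_FIELDS):
            leaking.append(username)
    return leaking


if __name__ == "__main__":
    # Constructed sample form submission.
    form = {"lang": "de", "password": "s3cret", "password2": "s3cret"}
    bad = save_settings_vulnerable(UserRecord("alice", "unset"), dict(form))
    good = save_settings_hardened(UserRecord("bob", "unset"), dict(form))
    rows = [(u.username, json.dumps(u.settings)) for u in (bad, good)]
    print("records with cleartext credentials:", audit_settings(rows))
```

The hardened save is the same handler with one filter added before the merge; the audit function is the kind of check to run over exported rows before and after the scrubbing wizard to confirm nothing credential-shaped remains, and its key list must be adjusted to the field names actually present in the affected installation.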

Added: Apr 21, 2026, 10:25 AM
Updated: Apr 21, 2026, 10:25 AM

Vulnerability Rating

Custom Algorithm

spread: 6.4
impact: 2.5
exploitability: 7.6
remediation: 7.7
relevance: 6.4
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.