Dear users of TYPO3,

It has been discovered that the extension ftpbrowser performs authentication incorrectly in some files, leaving it open to exploitation.

==== Component Type ====
Third party extension. This extension is not part of the TYPO3 default installation.

==== Affected Versions ====
Version 0.1.2 and all versions below

==== Vulnerability Type ====
Incorrect authentication

==== Severity ====
HIGH

==== Problem Description ====
Because authentication is lacking in some situations, the extension makes it possible to upload malicious scripts, which could compromise the installation.

==== Solution ====
An updated version is available from the TYPO3 extension manager at http://typo3.org/extensions/repository/view/ftpbrowser/0.1.3/

==== General advice ====
Follow the recommendations that are given in the TYPO3 Security Cookbook [1].

==== Credits ====
Credits go to security team member Henning Pingel, who discovered these issues, and to Jean-David Gadina, who is the author and fixed the issues.

Regards,
Lars Houmark