TYPO3-20070709-1: Incorrect authentication

It has been discovered that the extension ftpbrowser is doing incorrect authentication in some files, making it open for exploiting.

Component Type: Third party extension. This extension is not part of the TYPO3 default installation

Affected Versions: Version 0.1.2 and all versions below

Vulnerability Type: Incorrect authentication

Severity: HIGH

Problem Description: Lacking authentication in some situations, the extension opens the possibility for uploading malicious scripts which could compromise the installation.

Solution: An updated version is available from the TYPO3 extension manager at
typo3.org/extensions/repository/view/ftpbrowser/0.1.3/

General advice: Follow the recommendations that are given in the TYPO3 SECURITY Guide.

Credits: Credits go to security team member Henning Pingel who discovered these issues and to Jean-David Gadina who is the author and fixed the issues.