TYPO3-20070709-1: Incorrect authentication
July 09, 2007
Category: TYPO3 Extension
It has been discovered that the extension ftpbrowser is doing incorrect authentication in some files, making it open for exploiting.
Component Type: Third party extension. This extension is not part of the TYPO3 default installation
Affected Versions: Version 0.1.2 and all versions below
Vulnerability Type: Incorrect authentication
Problem Description: Lacking authentication in some situations, the extension opens the possibility for uploading malicious scripts which could compromise the installation.
Solution: An updated version is available from the TYPO3 extension manager at
General advice: Follow the recommendations that are given in the TYPO3 Security Cookbook.
Credits: Credits go to security team member Henning Pingel who discovered these issues and to Jean-David Gadina who is the author and fixed the issues.