Security Bypass Vulnerability in extension powermail (powermail)

It has been discovered that the extension "powermail" (powermail) is susceptible to Security Bypass Vulnerability.

Release Date: June 03, 2013

Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.

Affected Versions: Version 1.6.9 and below, 2.0.1 - 2.0.6

Vulnerability Type: Security Bypass

Severity: Low

Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:O/RC:C (What's that?)

Problem Description: Failing to invalidate used captcha codes, Powermail allows to use a single captcha code for multiple transmissions. And attacker could bypass further captcha checks by using the same captcha code.

Solution: An updated version 1.6.10 is available from the TYPO3 extension manager and at An updated version 2.0.7 is available from the TYPO3 extension manager and at Users of the extension are advised to update the extension as soon as possible.

Credits: Credits go to Oliver Meyfarth who discovered and reported this issue.

Update Note: For TYPO3 4.5 use version 1.6.10 of powermail, for TYPO3 4.6/4.7 use version 2.0.7.
Follow these steps if you want to update to version 1.6.10: In the extension manager go to "Import Extensions", search for "powermail" and the make a right-click on the extension entry, select "import versions for powermail". Then you will have the possibility to install version 1.6.10

General advice: Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list to receive future Security Bulletins via E-mail.