- Release Date: August 9, 2018
- Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.
- Vulnerability Type: Captcha bypass
- Affected Versions: 5.0.0 and below
- Severity: Medium
- Suggested CVSS v3.0: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
- CVE: not assigned yet
When the extension is used together with the TYPO3 Extension sr_freecap, it is possible to bypass the catcha in the registration form.
An updated version 5.1.0 is available from the TYPO3 extension manager and at https://extensions.typo3.org/extension/download/sr_feuser_register/5.1.0/zip/.
Users of the extension are advised to update the extension as soon as possible.
Thanks to Johannes Hahn who discovered and reported the vulnerability.