Miggo Logo
Miggo Vulnerability Database
CVE-2010-3671

CVE-2010-3671: TYPO3 is vulnerable to Session Fixation

6.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2010-3671
GHSA ID
GHSA-gqmh-5xmq-3fhg
EPSS Score
0.74908%
CWE
CWE-384
Published
4/21/2022
Updated
2/7/2024
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
typo3/cms-installcomposer< 4.1.144.1.14
typo3/cms-installcomposer>= 4.2.0, < 4.2.134.2.13
typo3/cms-installcomposer>= 4.3.0, < 4.3.44.3.4
typo3/cms-installcomposer>= 4.4.0, < 4.4.14.4.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stemmed from the install tool's session management not regenerating session IDs during critical phases. Commit 199cc2d and related patches show modifications to startSession() and setAuthorized() where session_regenerate_id() equivalent (renewSession()) was added. These functions were vulnerable because they previously reused existing session IDs during authentication, allowing fixation. The direct correlation between the CWE-384 description and the patched functions confirms their role in the vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

TYPO* ***or* *.*.**, *.*.x ***or* *.*.**, *.*.x ***or* *.*.* *n* *.*.x ***or* *.*.* is op*n to * s*ssion *ix*tion *tt**k w*i** *llows r*mot* *tt**k*rs to *ij**k * vi*tim's s*ssion.

Reasoning

T** vuln*r**ility st*mm** *rom t** inst*ll tool's s*ssion m*n***m*nt not r***n*r*tin* s*ssion I*s *urin* *riti**l p**s*s. *ommit ******* *n* r*l*t** p*t***s s*ow mo*i*i**tions to st*rtS*ssion() *n* s*t*ut*oriz**() w**r* s*ssion_r***n*r*t*_i*() *quiv*