
Incorrect authentication

It has been discovered that the extension ftpbrowser performs authentication incorrectly in some files, which leaves it open to exploitation.

Component Type: Third party extension. This extension is not part of the TYPO3 default installation.

Affected Versions: Version 0.1.2 and all versions below

Vulnerability Type: Incorrect authentication

Severity: HIGH

Problem Description: Because authentication is lacking in some situations, the extension makes it possible to upload malicious scripts which could compromise the installation.

Solution: An updated version is available from the TYPO3 extension manager at typo3.org/extensions/repository/view/ftpbrowser/0.1.3/

General advice: Follow the recommendations that are given in the TYPO3 SECURITY Guide.

Credits: Credits go to security team member Henning Pingel, who discovered these issues, and to Jean-David Gadina, who is the author of the extension and fixed the issues.