CVE-2015-1401

9.8 CRITICAL

📋 TL;DR

CVE-2015-1401 is an improper authentication vulnerability in the TYPO3 LDAP/SSO authentication extension that allows attackers to bypass authentication and gain unauthorized access to TYPO3 backend systems. This affects TYPO3 installations using the ig_ldap_sso_auth extension version 2.0.0.

💻 Affected Systems

Products:
  • TYPO3 CMS with ig_ldap_sso_auth extension
Versions: Extension version 2.0.0 only
Operating Systems: All operating systems running TYPO3
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations using the LDAP/SSO authentication extension; standard TYPO3 authentication is not affected.

📦 What is this software?

TYPO3 is an open-source content management system written in PHP. ig_ldap_sso_auth ("LDAP / SSO Authentication") is a third-party TYPO3 extension that authenticates frontend and backend users against an LDAP directory (for example OpenLDAP or Active Directory), optionally combined with single sign-on. It plugs into TYPO3's authentication service chain, so a flaw in it affects the backend login itself even though TYPO3 core is unchanged.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of the TYPO3 backend with administrative privileges, allowing content manipulation, data theft, and potential server takeover.

🟠 Likely Case: Unauthorized access to the TYPO3 backend with varying privilege levels depending on LDAP group mappings.

🟢 If Mitigated: No impact if the extension is disabled or updated to a version that enforces password verification.

🌐 Internet-Facing: HIGH - TYPO3 installations with public backend login are directly exposed to authentication bypass.
🏢 Internal Only: MEDIUM - Internal systems still vulnerable but attack surface is reduced.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit requires knowledge of valid usernames but no credentials; public exploit details available in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Extension version 2.0.1 or later

Vendor Advisory: https://typo3.org/security/advisory/typo3-ext-sa-2015-001/

Restart Required: No

Instructions:

1. Update the ig_ldap_sso_auth extension to version 2.0.1 or later via the TYPO3 Extension Manager (or your usual deployment process).
2. Flush the TYPO3 caches and, if one is in use, the PHP opcode cache, so the patched PHP files are actually loaded.
3. Verify that LDAP authentication still works and, more importantly, that a login with a valid username and a wrong password is rejected.

🔧 Temporary Workarounds

Disable LDAP/SSO Extension

Temporarily deactivate the vulnerable extension until it can be updated. With the extension off, users who exist only in LDAP cannot log in, so make sure a local TYPO3 backend administrator account exists before doing this. The command below uses typo3_console (the `typo3cms` CLI), which is a separate extension, not part of TYPO3 core; without it, deactivate ig_ldap_sso_auth in the Extension Manager instead.

typo3cms extension:deactivate ig_ldap_sso_auth

Restrict Backend Access

Limit access to the TYPO3 backend (the `typo3/` directory) to trusted IP addresses only. This narrows who can reach the backend login; it does not fix the bypass, and it does not cover frontend logins if the extension is also used for frontend users. The snippet below is Apache 2.2 syntax; on Apache 2.4 the equivalent is a `Require ip` directive with the same network.

# Place in typo3/.htaccess (or the matching <Directory> block in the vhost config):
Order Deny,Allow
Deny from all
Allow from 192.168.1.0/24

🧯 If You Can't Patch

  • Disable the ig_ldap_sso_auth extension immediately
  • Implement IP-based access controls for TYPO3 backend

🔍 How to Verify

Check if Vulnerable:

Check the TYPO3 Extension Manager (or the `'version'` entry in `typo3conf/ext/ig_ldap_sso_auth/ext_emconf.php`) for ig_ldap_sso_auth version 2.0.0

Check Version:

typo3cms extension:list | grep ig_ldap_sso_auth

Verify Fix Applied:

Confirm the extension version is 2.0.1 or later, then test LDAP authentication both ways: a valid username with the correct password must log in, and the same username with a wrong password must be rejected.
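The following script is an added example, not part of the original page or of the extension's own tooling. It walks one or more TYPO3 document roots, reads the version declared in each installation's `typo3conf/ext/ig_ldap_sso_auth/ext_emconf.php`, and classifies it against the advisory (2.0.0 vulnerable, 2.0.1 or later fixed). It needs no typo3_console and compares versions numerically, so 2.0.10 is not mistaken for something older than 2.0.1. The path layout is the classic non-Composer one (an assumption); the sample installation it builds when run without arguments is constructed.

```python
"""Scan TYPO3 document roots for the ig_ldap_sso_auth 2.0.0 release named in TYPO3-EXT-SA-2015-001."""
import os
import re
import sys
import tempfile

VULNERABLE = (2, 0, 0)   # the only release the advisory names as affected
FIXED = (2, 0, 1)        # first fixed release

# Relative path of the extension's metadata file inside a classic (non-Composer) TYPO3 document root.
EMCONF_REL = os.path.join("typo3conf", "ext", "ig_ldap_sso_auth", "ext_emconf.php")

# Matches the 'version' => '2.0.0' entry of $EM_CONF in ext_emconf.php.
_VERSION_RE = re.compile(r"""['"]version['"]\s*=>\s*['"]([0-9]+(?:\.[0-9]+)*)['"]""")


def parse_version(emconf_php: str):
    """Return the version tuple declared in ext_emconf.php contents, or None if absent."""
    m = _VERSION_RE.search(emconf_php)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def classify(version):
    """Map a version tuple to 'vulnerable', 'fixed', 'unlisted' or 'unknown'."""
    if version is None:
        return "unknown"
    if version == VULNERABLE:
        return "vulnerable"
    if version >= FIXED:
        return "fixed"
    # Releases before 2.0.0 are not named in the advisory; flag them for a manual look.
    return "unlisted"


def scan_roots(roots):
    """Yield (docroot, version, status) for each root that has the extension installed."""
    for root in roots:
        path = os.path.join(root, EMCONF_REL)
        if not os.path.isfile(path):
            continue
        with open(path, encoding="utf-8", errors="replace") as fh:
            version = parse_version(fh.read())
        yield root, version, classify(version)


if __name__ == "__main__":
    roots = sys.argv[1:]
    if not roots:
        # No roots given: build a constructed sample installation so the script runs offline.
        tmp = tempfile.mkdtemp()
        os.makedirs(os.path.dirname(os.path.join(tmp, EMCONF_REL)))
        with open(os.path.join(tmp, EMCONF_REL), "w", encoding="utf-8") as fh:
            fh.write("<?php\n$EM_CONF[$_EXTKEY] = array(\n"
                     "  'title' => 'LDAP / SSO Authentication',\n"
                     "  'version' => '2.0.0',\n);\n")
        roots = [tmp]
    for root, version, status in scan_roots(roots):
        shown = ".".join(map(str, version)) if version else "?"
        print(f"{root}: ig_ldap_sso_auth {shown} -> {status}")
```

Run it as `python3 scan.py /var/www/site1 /var/www/site2`; any root reported as `vulnerable` still needs the update, and `unlisted` roots should be checked by hand since the advisory only names 2.0.0.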

📡 Detection & Monitoring

Log Indicators:

  • Successful backend logins in TYPO3's sys_log (type=255, action=1, error=0) for LDAP-backed accounts with no matching successful bind in the LDAP server's log at that time, or immediately after a bind the LDAP server rejected
  • A burst of failed login attempts for one username followed by a successful login for it from the same IP address
  • Backend access from unexpected IP addresses or outside normal working hours

Network Indicators:

  • HTTP POST requests to the backend login (typo3/index.php) for known usernames from untrusted IP addresses, especially ones that are answered with a successful login rather than a re-display of the login form

SIEM Query:

# Pseudo-query: field names are illustrative and must be mapped to how your SIEM
# ingests TYPO3's sys_log and your LDAP server's bind log.
source="typo3.log" AND event="authentication" AND result="success" AND method="LDAP" AND NOT src_ip IN (trusted_admin_ranges)

The stronger signal is the absence of a successful LDAP bind for the user shortly before the TYPO3 login, which needs a join between the two sources rather than a single-source filter.
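The detection logic described above, as an added example that is not part of the original page and not code from the extension: it joins a constructed export of TYPO3 backend logins against a constructed LDAP server log and flags every login that has no successful bind for the same user in the preceding window. It assumes the extension verifies passwords by binding to LDAP as the user (so a legitimate backend login is always preceded by a successful bind), that usernames appear as `uid=` in the bind DN, and that the LDAP lines look like OpenLDAP's stats log with an ISO timestamp prepended; all three are assumptions, and both inputs are constructed.

```python
"""Flag TYPO3 backend logins that have no matching successful LDAP bind."""
import re
from datetime import datetime, timedelta

# Constructed extract of TYPO3's sys_log rows for backend logins (type=255, action=1, error=0),
# exported as "timestamp<TAB>username<TAB>client_ip". The export layout is an assumption.
TYPO3_LOGINS = """\
2015-01-13T10:15:05\talice\t192.168.1.20
2015-01-13T10:31:40\tbob\t203.0.113.7
2015-01-13T11:02:11\tcarol\t192.168.1.33
"""

# Constructed LDAP server log loosely modelled on OpenLDAP slapd "stats" lines with an ISO
# timestamp prepended. err=0 is a successful bind, err=49 is invalidCredentials.
LDAP_LOG = """\
2015-01-13T10:15:03 conn=1001 op=0 BIND dn="uid=alice,ou=people,dc=example,dc=com" method=128
2015-01-13T10:15:03 conn=1001 op=0 RESULT tag=97 err=0 text=
2015-01-13T10:31:38 conn=1002 op=0 BIND dn="uid=bob,ou=people,dc=example,dc=com" method=128
2015-01-13T10:31:38 conn=1002 op=0 RESULT tag=97 err=49 text=
2015-01-13T11:02:10 conn=1003 op=0 BIND dn="uid=carol,ou=people,dc=example,dc=com" method=128
2015-01-13T11:02:10 conn=1003 op=0 RESULT tag=97 err=0 text=
"""

WINDOW = timedelta(seconds=30)  # how far back from the TYPO3 login to look for the bind

BIND_RE = re.compile(r'^(?P<ts>\S+) conn=(?P<conn>\d+) op=(?P<op>\d+) BIND dn="uid=(?P<uid>[^,"]+),')
RESULT_RE = re.compile(r'^(?P<ts>\S+) conn=(?P<conn>\d+) op=(?P<op>\d+) RESULT tag=97 err=(?P<err>\d+)')


def successful_binds(ldap_log: str):
    """Return {uid: [bind time, ...]} for binds whose RESULT line carried err=0."""
    pending = {}  # (conn, op) -> uid, filled by BIND lines and consumed by their RESULT line
    binds = {}
    for line in ldap_log.splitlines():
        m = BIND_RE.match(line)
        if m:
            pending[(m["conn"], m["op"])] = m["uid"]
            continue
        m = RESULT_RE.match(line)
        if m:
            uid = pending.pop((m["conn"], m["op"]), None)
            if uid is not None and m["err"] == "0":
                binds.setdefault(uid, []).append(datetime.fromisoformat(m["ts"]))
    return binds


def parse_logins(text: str):
    """Parse the tab-separated login export into (time, username, ip) tuples."""
    rows = []
    for line in text.splitlines():
        ts, user, ip = line.split("\t")
        rows.append((datetime.fromisoformat(ts), user, ip))
    return rows


def unbacked_logins(logins, binds, window=WINDOW):
    """Return logins with no successful LDAP bind for that user within `window` before them."""
    suspicious = []
    for ts, user, ip in logins:
        backed = any(ts - window <= bind_ts <= ts for bind_ts in binds.get(user, []))
        if not backed:
            suspicious.append((ts.isoformat(), user, ip))
    return suspicious


def detect(typo3_text: str = TYPO3_LOGINS, ldap_text: str = LDAP_LOG):
    """Run the join over the two sources and return the suspicious logins."""
    return unbacked_logins(parse_logins(typo3_text), successful_binds(ldap_text))


if __name__ == "__main__":
    for ts, user, ip in detect():
        print(f"ALERT {ts} backend login for {user!r} from {ip} with no successful LDAP bind")
```

On the constructed data only bob's login is reported: the LDAP server rejected his bind (err=49) two seconds before TYPO3 recorded a successful backend login, which is exactly the pattern this bypass produces. Clock skew between the web and LDAP hosts should be folded into `WINDOW`.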

🔗 References

  • TYPO3-EXT-SA-2015-001: https://typo3.org/security/advisory/typo3-ext-sa-2015-001/
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2015-1401