CVE-2021-36786

7.5 HIGH

📋 TL;DR

The miniorange_saml extension for TYPO3 before version 1.4.3 exposes sensitive API credentials and private keys, allowing attackers to access authentication secrets. This affects TYPO3 installations using the vulnerable extension version.

💻 Affected Systems

Products:
  • TYPO3 CMS with miniorange_saml extension
Versions: miniorange_saml extension versions before 1.4.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects TYPO3 installations with the miniorange_saml extension installed and enabled.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain full access to SAML authentication infrastructure, potentially compromising user accounts and sensitive data across integrated systems.

🟠

Likely Case

Credential theft leading to unauthorized access to TYPO3 admin panels and integrated services using exposed API keys.

🟢

If Mitigated

Limited exposure if extension is not internet-facing or uses additional authentication layers, but credentials remain at risk.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires access to exposed credential storage locations, which may be publicly accessible depending on configuration.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.4.3

Vendor Advisory: https://typo3.org/security/advisory/typo3-ext-sa-2021-011

Restart Required: No

Instructions:

1. Update the miniorange_saml extension to version 1.4.3 or later via the TYPO3 Extension Manager.
2. Clear TYPO3 caches.
3. Verify that credentials are no longer exposed.

🔧 Temporary Workarounds

Disable Extension

Platform: all

Temporarily disable the miniorange_saml extension until patched

typo3cms extension:deactivate miniorange_saml

Restrict Access

Platform: linux

Block external access to TYPO3 installation via firewall rules

# <trusted_network_cidr> is a placeholder for the network(s) that should keep reaching TYPO3.
# --dport accepts a single port only; a comma-separated list needs the multiport match.
iptables -A INPUT -p tcp -m multiport --dports 80,443 -s <trusted_network_cidr> -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 80,443 -j DROP

🧯 If You Can't Patch

  • Isolate the TYPO3 instance from internet access using network segmentation
  • Implement additional authentication layers and monitor for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Check the TYPO3 Extension Manager for the installed miniorange_saml version. If the version is lower than 1.4.3, the system is vulnerable.

Check Version:

typo3cms extension:list | grep miniorange_saml

Verify Fix Applied:

Confirm miniorange_saml version is 1.4.3 or higher in TYPO3 Extension Manager.
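The version check above, carried out from the command line as an added example (this script is not part of the advisory or of the extension). It assumes that `typo3cms extension:list` prints the extension key and its version on one line; the parsing in `extract_version` and the output layout in the comments are assumptions, and `version_lt` compares dot-separated numeric versions in plain POSIX sh so it does not depend on `sort -V`.

```shell
#!/bin/sh
# Added example, not from the advisory: report whether the installed
# miniorange_saml version is below the fixed release for CVE-2021-36786.

FIXED_VERSION="1.4.3"

# version_lt A B: returns 0 (true) when A < B, comparing each
# dot-separated numeric component; missing components count as 0.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; bi=${b%%.*}
        [ -n "$ai" ] || ai=0
        [ -n "$bi" ] || bi=0
        if [ "$ai" -lt "$bi" ]; then return 0; fi
        if [ "$ai" -gt "$bi" ]; then return 1; fi
        case "$a" in *.*) a=${a#*.};; *) a="";; esac
        case "$b" in *.*) b=${b#*.};; *) b="";; esac
    done
    return 1
}

# True when the given version is strictly older than the fixed version.
is_vulnerable_version() {
    [ -n "$1" ] || return 2
    version_lt "$1" "$FIXED_VERSION"
}

# Pulls the first version-looking token out of one line of
# extension:list output (assumed layout, e.g. "miniorange_saml   1.4.2   Active").
extract_version() {
    printf '%s\n' "$1" | grep -o '[0-9][0-9]*\(\.[0-9][0-9]*\)*' | head -n 1
}

# Classifies one extension:list line: NOT_INSTALLED, VULNERABLE or OK.
classify_line() {
    line="$1"
    [ -n "$line" ] || { echo "NOT_INSTALLED"; return 0; }
    ver=$(extract_version "$line")
    if is_vulnerable_version "$ver"; then
        echo "VULNERABLE"
    else
        echo "OK"
    fi
}

# Live check against the local TYPO3 installation (needs typo3cms on PATH).
check_installed() {
    line=$(typo3cms extension:list 2>/dev/null | grep miniorange_saml | head -n 1)
    result=$(classify_line "$line")
    ver=$(extract_version "$line")
    case "$result" in
        VULNERABLE) echo "VULNERABLE: miniorange_saml $ver < $FIXED_VERSION (CVE-2021-36786)"; return 1;;
        OK)         echo "OK: miniorange_saml $ver is $FIXED_VERSION or later";;
        *)          echo "miniorange_saml is not installed";;
    esac
}

# Run the live check only when invoked as: sh check_miniorange_saml.sh run
if [ "${1:-}" = "run" ]; then
    check_installed
fi
```

`classify_line` is separated from `check_installed` so the comparison logic can be exercised on captured output without a TYPO3 installation; an exit status of 1 from the live check makes it usable as a gate in a deployment pipeline.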

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to TYPO3 admin areas
  • Failed authentication attempts with exposed credentials

Network Indicators:

  • External requests to TYPO3 credential storage paths
  • Unusual outbound connections from TYPO3 server

SIEM Query:

source="typo3.log" AND ("miniorange_saml" OR "SAML" OR "credential") AND (status="401" OR status="403")
