
Cross-Site Request Forgery Protection in TYPO3 CMS 6.2

In TYPO3 CMS, protection against CSRF has been implemented for many important actions (like creating, editing or deleting records) but is still missing in other places (like the Extension Manager, file upload and the configuration module). The upcoming 6.2 LTS version will finally close this gap and will protect editors or administrators from this kind of attack. Since this kind of security improvement cannot be made without potentially breaking third-party extensions, this additional security feature will only be part of TYPO3 CMS 6.2 and will not be backported to older versions.

Solution: Since user action is always involved in this attack technique, the risk can be mitigated greatly by not using the default web browser to log into a TYPO3 Backend and by always logging out once the work is finished.