[TYPO3-dev] major security problem --> hacking of TYPO3 sites may be possible

[Christopher]

On 4/30/06, Andreas Balzer <eMail at andreas-balzer.de> wrote:

> I'm only a student but the one who hacked my dev server is none of my BE
> users. I only had to give him access to my server (just portopening for
> 8080), but typo3 was not listed on any site and he did not have a user
> account (and of course, all passwords weren't default). After 10 minutes
> he found typo3 somehow and hacked it.. I'll see tomorrow how he did it..

Again, if the TYPO3 install was not public (i.e. was not linked to),
then the security problem is almost certainly with the _webserver_...


-Christopher