Index: typo3/sysext/saltedpasswords/sv1/class.tx_saltedpasswords_sv1.php
===================================================================
--- typo3/sysext/saltedpasswords/sv1/class.tx_saltedpasswords_sv1.php (revision 6822)
+++ typo3/sysext/saltedpasswords/sv1/class.tx_saltedpasswords_sv1.php (working copy)
@@ -79,7 +79,18 @@
 */
 protected $objInstanceSaltedPW = NULL;
 
+ /**
+ * Determines if no further authentication service should
+ * by tried when authentication fails.
+ *
+ * Prevents authentication bypass. See vulnerability report:
+ * { @link http://bugs.typo3.org/view.php?id=13372 }
+ *
+ * @var boolean
+ */
+ protected $boolOverwriteOnlyAuthService = FALSE;
+
 /**
 * Checks if service is available. In case of this service we check that
 * following prerequesties are fulfilled:
@@ -123,6 +134,12 @@
 if (is_object($this->objInstanceSaltedPW)) {
 $validPasswd = $this->objInstanceSaltedPW->checkPassword($password,$user['password']);
 
+ // record is in format of Salted Hash password but authentication failed
+ // skip further authentication methods
+ if (!$validPasswd) {
+ $this->boolOverwriteOnlyAuthService = TRUE;
+ }
+
 $defaultHashingClassName = tx_saltedpasswords_div::getDefaultSaltingHashingMethod();
 $skip = FALSE;
@@ -158,10 +175,20 @@
 $validPasswd = $this->objInstanceSaltedPW->checkPassword(md5($password), substr($user['password'], 1));
 }
 
+ // skip further authentication methods
+ if (!$validPasswd) {
+ $this->boolOverwriteOnlyAuthService = TRUE;
+ }
+
 // password is stored as md5
 } else if (preg_match('/[0-9abcdef]{32,32}/', $user['password'])) {
 $validPasswd = (!strcmp(md5($password), $user['password']) ? TRUE : FALSE);
 
+ // skip further authentication methods
+ if (!$validPasswd) {
+ $this->boolOverwriteOnlyAuthService = TRUE;
+ }
+
 // password is stored plain or unrecognized format
 } else {
 $validPasswd = (!strcmp($password, $user['password']) ? TRUE : FALSE);
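Review bot: The docblock added for the new property in the first hunk reads `by tried` where `be tried` is meant, and it would help a later reader to state the concrete effect rather than the intent only, e.g. `Set when the stored password is in a format this service recognises but verification failed; further authentication services are then skipped (bug 13372).` The `{ @link ... }` inline tag has stray spaces inside the braces, which some PHPDoc tools will not parse as a link; `{@link http://bugs.typo3.org/view.php?id=13372}` is the usual form. Naming is a matter of taste, but `boolOverwriteOnlyAuthService` describes the mechanism rather than the meaning; something like `forceOnlyAuthService` would read more directly at the use site.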
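Review bot: The final `else` branch of the third hunk (password stored plain or in an unrecognised format) is the only branch that does not set `$this->boolOverwriteOnlyAuthService` on a failed check, so a wrong password against such a record still falls through to further authentication services, which is exactly the delegation the change is meant to stop for the other formats; if that exclusion is deliberate because this service cannot vouch for an unknown format, a comment in that branch saying so would keep it from being "fixed" later. The same three-line `if (!$validPasswd) { $this->boolOverwriteOnlyAuthService = TRUE; }` now appears in the second hunk and twice in the third; if the plain branch is also meant to stop delegation, a single `$this->boolOverwriteOnlyAuthService = !$validPasswd;` after the whole if/else chain would replace all three copies and cannot drift out of sync. The enclosing method starts before the second hunk and continues past the end of the third.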
@@ -171,7 +198,7 @@
 // instanciate default method class
 $this->objInstanceSaltedPW = tx_saltedpasswords_salts_factory::getSaltingInstance(NULL);
 $this->updatePassword(
- intval($user['uid']),
+ intval($user['uid']),
 array('password' => $this->objInstanceSaltedPW->getHashedPassword($password))
 );
 }
@@ -219,7 +246,7 @@
 );
 }
 
- if (!$validPasswd && intval($this->extConf['onlyAuthService'])) {
+ if (!$validPasswd && (intval($this->extConf['onlyAuthService']) || $this->boolOverwriteOnlyAuthService)) {
 // Failed login attempt (wrong password) - no delegation to further services
 $this->writeLog(
 TYPO3_MODE . ' Authentication failed - wrong password for username \'%s\'',
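Review bot: The flag tested in the last hunk is only ever set to TRUE and is never reset, so if the same service object is asked to authenticate more than one record in its lifetime, a failure on an earlier record suppresses delegation for every later one even when that record's format would not have set the flag; nothing in the diff shows whether the service is instantiated per login, so it is safer not to depend on it. Resetting the flag at the start of the authentication method, `$this->boolOverwriteOnlyAuthService = FALSE;`, or keeping the decision in a local variable instead of instance state, removes the question. Minor and pre-existing: `intval()` on the extension setting works, but `(bool)` states the intent in a boolean condition more directly. The enclosing method begins before this hunk and continues after it.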