CVE-2009-0255

Name of the Vulnerable Software and Affected Versions TYPO3 versions 4.0.0 through 4.0.9 TYPO3 versions 4.1.0 through 4.1.7 TYPO3 versions 4.2.0 through 4.2.3

Description The issue allows attackers to compromise the confidentiality, integrity, and availability of protected information. It can be exploited remotely. The System extension Install tool in TYPO3 creates the encryption key with an insufficiently random seed, making it easier for attackers to crack the key.

Recommendations For versions 4.0.0 through 4.0.9, update to a version that generates encryption keys with a sufficiently random seed. For versions 4.1.0 through 4.1.7, update to a version that generates encryption keys with a sufficiently random seed. For versions 4.2.0 through 4.2.3, update to a version that generates encryption keys with a sufficiently random seed.