PT-2009-1004 · Typo3 · Typo3
Chris John Riley
·
Published
2009-01-22
·
Updated
2024-02-14
·
CVE-2009-0255
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
TYPO3 versions 4.0.0 through 4.0.9
TYPO3 versions 4.1.0 through 4.1.7
TYPO3 versions 4.2.0 through 4.2.3
Description
The issue allows attackers to compromise the confidentiality, integrity, and availability of protected information. It can be exploited remotely. The System extension Install tool in TYPO3 creates the encryption key with an insufficiently random seed, making it easier for attackers to crack the key.
Recommendations
For versions 4.0.0 through 4.0.9, update to a version that generates encryption keys with a sufficiently random seed.
For versions 4.1.0 through 4.1.7, update to a version that generates encryption keys with a sufficiently random seed.
For versions 4.2.0 through 4.2.3, update to a version that generates encryption keys with a sufficiently random seed.
Exploit
Fix
Use of Insufficiently Random Values
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Typo3