Description

The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.

Remediation

References

CVE-2009-0255

Related Vulnerabilities

Drupal Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2005-1921)

Magento Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-5301)

MySQL CVE-2018-3078 Vulnerability (CVE-2018-3078)

WordPress Plugin WP Custom Fields Search Cross-Site Scripting (0.3.28)

WordPress Inadequate Encryption Strength Vulnerability (CVE-2012-6707)

Severity

Medium

Classification

CVE-2009-0255

Tags

Missing Update Known Vulnerabilities