Description
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.
Remediation
References
Related Vulnerabilities
Microsoft SQL Server Other Vulnerability (CVE-2003-0231)
Oracle Database Server CVE-2012-0525 Vulnerability (CVE-2012-0525)
WordPress Plugin Csv2WPeC Coupon Arbitrary File Upload (1.1)
MySQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-6662)
Oracle HTTP Server CVE-2006-0435 Vulnerability (CVE-2006-0435)