Description

The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.

Remediation

References

CVE-2009-0255

Related Vulnerabilities

WordPress Plugin DW Question & Answer Cross-Site Scripting (1.4.2.2)

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-0202)

WordPress Plugin Audio 'showfile' Parameter Cross-Site Scripting (0.5.1)

Internet Information Services Other Vulnerability (CVE-1999-0154)

PostgreSQL CVE-2023-2454 Vulnerability (CVE-2023-2454)

Severity

Medium

Classification

CVE-2009-0255

Tags

Missing Update Known Vulnerabilities