Description
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.
Remediation
References