Description
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.
Remediation
References