The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.
References
Link | Resource |
---|---|
http://secunia.com/advisories/33617 | Broken Link Vendor Advisory |
http://secunia.com/advisories/33679 | Broken Link Vendor Advisory |
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/ | Vendor Advisory |
http://www.debian.org/security/2009/dsa-1711 | Mailing List |
http://www.securityfocus.com/bid/33376 | Broken Link Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/48132 | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2009-01-22T23:00:00
Updated: 2017-08-07T12:57:01
Reserved: 2009-01-22T00:00:00
Link: CVE-2009-0255
JSON object: View
NVD Information
Status : Analyzed
Published: 2009-01-22T23:30:00.203
Modified: 2024-02-14T16:10:04.203
Link: CVE-2009-0255
JSON object: View
Redhat Information
No data.
CWE