CVE-2009-0255

The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.

Published: Jan 23, 2009
Updated: May 9, 2024
CVE: CVE-2009-0255
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-330
CWE-310

Affected Software
References

Software	From	Fixed in
typo3 / typo3	4.0	4.0.10
typo3 / typo3	4.1.0	4.1.8
typo3 / typo3	4.2.0	4.2.4
debian / debian_linux	4.0	4.0.x

http://secunia.com/advisories/33617
http://secunia.com/advisories/33679
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/
http://www.debian.org/security/2009/dsa-1711
http://www.securityfocus.com/bid/33376
https://exchange.xforce.ibmcloud.com/vulnerabilities/48132

Vulnerability Database

289,871

CVE-2009-0255