Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

TYPO3-SA-2009-001 – Insecure Randomness

TYPO3-SA-2009-001

Original Release Date: January 20, 2009 — 4pm (GMT)

Vendor: TYPO3 (Core)

Product: TYPO3 CMS (System extension Install tool)

Affected Versions

TYPO3 versions :

  • 4.0.0 – 4.0.9
  • 4.1.0 – 4.1.7
  • 4.2.0 – 4.2.3

Vulnerability Type: Insecure Randomness

Overall Severity: High

Problem Description

TYPO3-wide used encryption key is created with an insufficiently random seed which results in a low entropy.

Technical overview and problem overview (including code snippets) –> TYPO3-Insecure Randomness

Impact

Through this vulnerability it is possible to perform an offline brute-force against the TYPO3 encryption key. Possible exposures include Cross-Site Scripting attacks (examined in detail in the technical overview), as well as possible data exposure. Use of this encryption key within TYPO3 extensions was not tested, but may also cause additional exposure or attack vectors.

Vendor Response

Update to the TYPO3 versions 4.0.10, 4.1.8 or 4.2.4 that fix the problem described.

You will need to create a new encryption key! Therefore first clear the configuration cache, upgrade to the new TYPO3 version, open the install tool and choose menu 1 (“Basic Configuration”). Scroll to the bottom of the page and click on the button “Generate random key”. Submit the form by clicking on “Update localconf.php”.

Afterwards, clear the configuration and page cache again!

Credit(s)

Credits go to Chris John Riley (Raiffeisen Informatik, CERT Security Competence Center Zwettl, Austria) who discovered and reported the issue.

References

2 responses to “TYPO3-SA-2009-001 – Insecure Randomness

  1. Jesse Serrin December 19, 2009 at 21:14

    I really like what you wrote here – it’s informative. Thanks for posting this. I’ve been experimenting with WordPress lately. Do you use WordPress? Any tips for me? Visit my site if you’d like to read more. Have a good week!

  2. Pingback: Hacking like it’s 2009… going back to go forward « Cатсн²² (in)sесuяitу / ChrisJohnRiley

Follow

Get every new post delivered to your Inbox.

Join 127 other followers

%d bloggers like this: