Cатсн²² (in)sесuяitу / ChrisJohnRiley
Because we're damned if we do, and we're damned if we don't!
TYPO3-SA-2009-001 – Insecure Randomness
Original Release Date: January 20, 2009 — 4pm (GMT)
Vendor: TYPO3 (Core)
Product: TYPO3 CMS (System extension Install tool)
TYPO3 versions :
- 4.0.0 – 4.0.9
- 4.1.0 – 4.1.7
- 4.2.0 – 4.2.3
Vulnerability Type: Insecure Randomness
Overall Severity: High
TYPO3-wide used encryption key is created with an insufficiently random seed which results in a low entropy.
Technical overview and problem overview (including code snippets) –> TYPO3-Insecure Randomness
Through this vulnerability it is possible to perform an offline brute-force against the TYPO3 encryption key. Possible exposures include Cross-Site Scripting attacks (examined in detail in the technical overview), as well as possible data exposure. Use of this encryption key within TYPO3 extensions was not tested, but may also cause additional exposure or attack vectors.
Update to the TYPO3 versions 4.0.10, 4.1.8 or 4.2.4 that fix the problem described.
You will need to create a new encryption key! Therefore first clear the configuration cache, upgrade to the new TYPO3 version, open the install tool and choose menu 1 (“Basic Configuration”). Scroll to the bottom of the page and click on the button “Generate random key”. Submit the form by clicking on “Update localconf.php”.
Afterwards, clear the configuration and page cache again!
Credits go to Chris John Riley (Raiffeisen Informatik, CERT Security Competence Center Zwettl, Austria) who discovered and reported the issue.
- TYPO3 Advisory (TYPO3-SA-2009-001)
- Typo3 Encryption Key tool
I really like what you wrote here – it’s informative. Thanks for posting this. I’ve been experimenting with WordPress lately. Do you use WordPress? Any tips for me? Visit my site if you’d like to read more. Have a good week!
Pingback: Hacking like it’s 2009… going back to go forward « Cатсн²² (in)sесuяitу / ChrisJohnRiley