Bug #19834

closed

Weak encryption key generation vulnerability in sysext install

Added by Marcus Krause over 15 years ago. Updated over 5 years ago.

Status: Closed
Priority: Must have
Assignee:
Category: Install Tool
Target version: -
Start date: 2009-01-15
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 4.0
PHP Version: 5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Versions:
4.0 up to trunk (4.0, 4.1, 4.2, trunk)

Problem:
The install tool generates encryption keys with very low entropy.

Solution:
Use t3lib_div::generateRandomBytes() instead of the vulnerable JavaScript implementation.

Provided by TYPO3 Security Team
(issue imported from #M10154)


Files

10154.diff (8.45 KB), Administrator Admin, 2009-01-16 02:28
10154_trunk_v1.diff (8.37 KB), Administrator Admin, 2009-01-16 02:52
10154_4-2_v2.diff (9.82 KB), Administrator Admin, 2009-01-16 02:57
10154_4-2_v3.diff (9.62 KB), Administrator Admin, 2009-01-19 23:45
10154_4-1_v3.diff (9.53 KB), Administrator Admin, 2009-01-19 23:45
10154_trunk_v3.diff (8.27 KB), Administrator Admin, 2009-01-20 00:02
10154_4-0_v3.diff (8.28 KB), Administrator Admin, 2009-01-20 00:03
10154_4-0_v4.diff (8.51 KB), Administrator Admin, 2009-01-20 01:42
10154_4-1_v4.diff (9.82 KB), Administrator Admin, 2009-01-20 01:42

Related issues 1 (0 open, 1 closed)

Related to TYPO3 Core - Bug #19875: Missing files in sysext install (Closed, Steffen Kamper, 2009-01-21)
