The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.05112Percentile:
0.89388
CVSS Scoring
CVSS v3.1 Score: 7.5
Severity: HIGH
Mapped CWE(s)
CWE-330
: Use of Insufficiently Random Values
All CAPEC(s)
CAPEC-112 : Brute Force
CAPEC-485 : Signature Spoofing by Key Recreation
CAPEC-59 : Session Credential Falsification through Prediction
CAPEC(s) with Mapped TTPs
CAPEC-112 : Brute Force
Mapped TTPs:
CAPEC-485 : Signature Spoofing by Key Recreation
Mapped TTPs:
Mapped ATT&CK TTPs
T1110
: Brute Force
Kill Chain: credential-access
T1552.004
: Private Keys
Kill Chain: credential-access
Malware
APTs Threat Group Associations
Campaigns
Operation Wocao SolarWinds Compromise 2016 Ukraine Electric Power Attack Operation Dream Job
Affected Products
cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me