CVE-2010-3670
Inadequate Encryption Strength in packagist/typo3/cms-frontend
Identifiers
GHSA-3276-p9f2-8q89, CVE-2010-3670
Package Slug
packagist/typo3/cms-frontend
Vulnerability
Inadequate Encryption Strength
Description
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function.
Affected Versions
All versions before 4.3.4, all versions starting from 4.4.0 before 4.4.1
Solution
Upgrade to versions 4.3.4, 4.4.1 or above.
Last Modified
2024-02-09
| source |