[TYPO3-UG Dutch] security issues
Michiel Roos [netcreators]
michiel at netcreators.com
Sat Apr 4 13:50:25 CEST 2009
dick hoogendijk schreef:
> Ik wil eigenlijk gewoon weten of ik voor een langer bestaande TYPO3
> site ook een nieuwe encryption key moet maken, zoals vermeld in het
> onderstaande fragment uit het security bulletin.
>
> Vulnerable subcomponent #1: System extension Install tool (install)
>
> Vulnerability Types: Insecure Randomness
>
> Severity: High
>
> Problem Description: TYPO3-wide used encryption key is created with an
> insufficiently random seed which results in a low entropy.
>
> Solution: Update to the TYPO3 versions 4.0.10, 4.1.8 or 4.2.4 that fix
> the problem described.
>
> You will need to create a new encryption key! Therefore upgrade to the
> new TYPO3 version, clear the configuration cache, open the install tool
> and choose menu 1 ("Basic Configuration"). Scroll to the bottom of the
> page and click on the button "Generate random key". Submit the form by
> clicking on "Update localconf.php".
>
> Afterwards, clear the configuration and page cache again!
Beste Dick,
Er staat; Severity: High
Daarop reageer ik altijd direct.
Met vriendelijke groet,
Michiel Roos
--
Netcreators BV :: creation and innovation
www.netcreators.com
Interesse in werken bij Netcreators?
http://www.netcreators.com/bedrijf/vacatures/
More information about the TYPO3-UG-dutch
mailing list