[TYPO3-UG Dutch] security issues

Michiel Roos [netcreators] michiel at netcreators.com
Sat Apr 4 13:50:25 CEST 2009


dick hoogendijk schreef:
> Ik wil eigenlijk gewoon weten of ik voor een langer bestaande TYPO3
> site ook een nieuwe encryption key moet maken, zoals vermeld in het
> onderstaande fragment uit het security bulletin.
> 
> Vulnerable subcomponent #1: System extension Install tool (install)
> 
> Vulnerability Types: Insecure Randomness
> 
> Severity: High
> 
> Problem Description: TYPO3-wide used encryption key is created with an
> insufficiently random seed which results in a low entropy.
> 
> Solution: Update to the TYPO3 versions 4.0.10, 4.1.8 or 4.2.4 that fix
> the problem described.
> 
> You will need to create a new encryption key! Therefore upgrade to the
> new TYPO3 version, clear the configuration cache, open the install tool
> and choose menu 1 ("Basic Configuration"). Scroll to the bottom of the
> page and click on the button "Generate random key". Submit the form by
> clicking on "Update localconf.php".
> 
> Afterwards, clear the configuration and page cache again! 

Beste Dick,

Er staat; Severity: High

Daarop reageer ik altijd direct.

Met vriendelijke groet,


Michiel Roos

-- 
Netcreators BV :: creation and innovation
www.netcreators.com

Interesse in werken bij Netcreators?
http://www.netcreators.com/bedrijf/vacatures/


More information about the TYPO3-UG-dutch mailing list