Vulnerability DatabaseCVE-2010-3670
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2010-3670
Published:November 05, 2019
Updated:May 17, 2026
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function.
Related Resources (7)
https://github.com/TYPO3-CMS/frontend
https://typo3.org/security/advisory/typo3-sa-2010-012/#Insecure_Randomness
https://github.com/TYPO3/typo3/commit/c03e944d200bf427bb18cad15f2ad36bc83061c9
https://github.com/TYPO3/typo3/commit/09ab77653161f23e266470a5984d4d5e64588355
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719
https://nvd.nist.gov/vuln/detail/CVE-2010-3670
https://security-tracker.debian.org/tracker/CVE-2010-3670
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
4.8
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE
Weakness Type (CWE)
Inadequate Encryption Strength
CWE-326
EPSS
Base Score:
0.13