TYPO3 prior to 4.3.4 and 4.4.x prior to 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function.
typo3 typo3