Typo3: still 30 % vulnerable to latest critical security hole

A quick scan of sites made with Typo3 told me that 99 of 330 pages are still vulnerable to the last Typo3 security bug that allows to read all .php files, including localconf.php (where the database password and other things ard stored) at the moment.

That means that about 30 % of all Typo3 pages show their database passwords (and other things) in clear text 5 days after the security bulletin has been sent out.