CVE-2008-4107 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-4107
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-4107

Description: The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x and WordPress before 2.6.2, a different vulnerability than CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102.

CVE Status: Candidate

References: ST 1020869 SREASON http://securityreason.com/securityalert/4271 SAID Secunia Advisory: SA31737 Secunia Advisory: SA31870 OSVDB 48700 MLIST http://marc.info/?l=oss-security&m=122152830017099&w=2 http://www.openwall.com/lists/oss-security/2008/09/11/6 MISC http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/ http://www.sektioneins.de/advisories/SE-2008-05.txt http://www.sektioneins.de/advisories/SE-2008-04.txt http://www.sektioneins.de/advisories/SE-2008-02.txt FEDORA CONFIRM http://wordpress.org/development/2008/09/wordpress-262/ BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/496287/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/496237/100/0/threaded BID 31115

Return to the previous page.