Facebook · Hhvm · CVE-2014-5386
**Name of the Vulnerable Software and Affected Versions**
HHVM versions prior to 3.3.0
**Description**
The issue concerns the mcrypt create iv function in HHVM, which does not properly seed the random number generator. This oversight makes it easier for remote attackers to defeat cryptographic protection mechanisms by exploiting the use of a single initialization vector.
**Recommendations**
For versions prior to 3.3.0, update to version 3.3.0 or later to resolve the issue.