PT-2017-8982 · Adobe · Magento 2

Barryvdh +2

Published: 2017-03-01 · Updated: 2019-11-20 · CVE-2016-6485

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Magento 2 (affected versions not specified)

Description: The issue concerns the generation of a random number for the initialization vector in the construct function, located in Framework/Encryption/Crypt.php. This function uses the PHP rand function, which can make it easier for remote attackers to guess the value and defeat cryptographic protection mechanisms.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
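
The weakness described above, as an added example that is not Magento's code and not part of the original entry: a hypothetical weakIv() helper builds an IV from rand(), next to a strongIv() that uses random_bytes(). The function names, the AES-256-CBC/OpenSSL wrapper, the key and the seed are all assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not Magento's code. All names here are hypothetical.

// Weak pattern: IV bytes drawn from rand(), a non-cryptographic PRNG.
function weakIv(int $size): string
{
    $iv = '';
    for ($i = 0; $i < $size; $i++) {
        $iv .= chr(rand(0, 255));
    }
    return $iv;
}

// Hardened pattern: IV bytes drawn from the operating system's CSPRNG.
function strongIv(int $size): string
{
    return random_bytes($size);
}

// Encrypts with AES-256-CBC (assumed cipher) and prepends the IV.
function encrypt(string $plaintext, string $key, callable $ivSource): string
{
    $cipher = 'aes-256-cbc';
    $iv = $ivSource(openssl_cipher_iv_length($cipher));
    $ct = openssl_encrypt($plaintext, $cipher, $key, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return $iv . $ct;
}

// Encrypts the same message twice; $reseed restores the rand() state first.
function repeats(callable $ivSource, bool $reseed): bool
{
    $key = hash('sha256', 'constructed-demo-key', true); // constructed key
    $out = [];
    for ($i = 0; $i < 2; $i++) {
        if ($reseed) {
            srand(1234); // constructed seed
        }
        $out[] = encrypt('constructed sample message', $key, $ivSource);
    }
    return hash_equals($out[0], $out[1]);
}

var_dump(repeats('weakIv', true));   // rand() IVs are a function of PRNG state
var_dump(repeats('strongIv', true)); // random_bytes() ignores srand()
```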

Exploit

Use of a Broken Cryptographic Algorithm

Weakness Enumeration

Related identifiers

CVE-2016-6485
GHSA-H7QW-MXRM-C6H2

Affected products

Magento 2