PT-2007-4043 · Php · Php

Published: 2007-05-16 · Updated: 2024-08-16 · CVE-2007-2727

CVSS v2.0: 2.6 (Low)

Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

PHP versions prior to 4.4.7
PHP versions 5.0.x and earlier
PHP versions prior to 5.2.1

Description

The issue affects the encryption process, making it easier for attackers to decrypt certain data due to guessable encryption keys. This is because the mcrypt_create_iv function generates the same initialization vector (IV) every time, as it calls php_rand_r with an uninitialized seed variable.

Recommendations

For PHP versions prior to 4.4.7, update to version 4.4.7 or later.
For PHP versions 5.0.x and earlier, update to a version later than 5.0.x.
For PHP versions prior to 5.2.1, update to version 5.2.1 or later.
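
The failure named in the description, modelled as an added C example (not PHP's source code). Assumptions: model_rand_r is a hypothetical stand-in for php_rand_r, the constant seed models the uninitialized variable, and reading /dev/urandom is one corrected pattern, not necessarily the change PHP shipped.

```c
#include <stdio.h>
#include <string.h>

#define IV_LEN 16

/* Hypothetical stand-in for a reentrant PRNG such as php_rand_r(): the
 * output depends only on the caller-supplied seed (simple LCG). */
static int model_rand_r(unsigned int *seed)
{
    *seed = *seed * 1103515245u + 12345u;
    return (int)((*seed >> 16) & 0x7fff);
}

/* Flawed pattern: the seed never comes from an entropy source. The constant
 * models the uninitialized variable (assumption), so every call repeats. */
static void iv_flawed(unsigned char *iv, size_t n)
{
    unsigned int seed = 0;
    for (size_t i = 0; i < n; i++)
        iv[i] = (unsigned char)(model_rand_r(&seed) & 0xff);
}

/* Corrected pattern: take the IV bytes from the OS CSPRNG. */
static int iv_fixed(unsigned char *iv, size_t n)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t got = fread(iv, 1, n, f);
    fclose(f);
    return got == n ? 0 : -1;
}

/* 1 if two consecutive flawed IVs are byte-identical, else 0. */
int flawed_ivs_repeat(void)
{
    unsigned char a[IV_LEN], b[IV_LEN];
    iv_flawed(a, IV_LEN); iv_flawed(b, IV_LEN);
    return memcmp(a, b, IV_LEN) == 0;
}

/* 1 if two CSPRNG IVs differ, 0 if equal, -1 on read error. */
int fixed_ivs_differ(void)
{
    unsigned char a[IV_LEN], b[IV_LEN];
    if (iv_fixed(a, IV_LEN) || iv_fixed(b, IV_LEN)) return -1;
    return memcmp(a, b, IV_LEN) != 0;
}

int main(void) { printf("%d %d\n", flawed_ivs_repeat(), fixed_ivs_differ()); return 0; }
```

The same comparison can be run over IVs stored alongside existing ciphertexts to see whether data produced on an affected version shares a single IV.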

Related Identifiers

CVE-2007-2727

Affected Products

Php