PT-2010-2844 · Php+1

Grzegorz Stachowiak · Published 2010-03-26 · Updated 2010-12-10 · CVE-2010-1128

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

PHP versions prior to 5.2.13

Description

The Linear Congruential Generator (LCG) in PHP does not provide the expected entropy, making it easier for attackers to guess values that were intended to be unpredictable, such as session cookies generated by the uniqid function.

Recommendations

For versions prior to 5.2.13, update to version 5.2.13 or later to resolve the issue.

Weakness Enumeration

Related Identifiers

CVE-2010-1128
DSA-2195-1
RHSA-2010:0919
RHSA-2010_0919

Affected Products

Php
Red Hat