CVE-2010-4728

Name of the Vulnerable Software and Affected Versions Zikula versions prior to 1.3.1

Description The issue concerns the use of the rand and srand PHP functions for random number generation, making it easier for remote attackers to predict return values and defeat protection mechanisms based on randomization. This is demonstrated by the authid protection mechanism.

Recommendations For versions prior to 1.3.1, update to version 1.3.1 or later to resolve the issue. As a temporary workaround, consider modifying the random number generation to use a more secure method until a patch is available.