PT-2012-1319 · Unknown · Virtual War

Darren Mcdonald · Published 2012-10-08 · Updated 2012-10-08 · CVE-2010-5066

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Virtual War (aka VWar) version 1.6.1 R2

Description: The issue concerns the createRandomPassword function, which uses a limited range of values for the seed argument in the PHP mt_srand function. This limitation makes it easier for remote attackers to determine randomly generated passwords through a brute-force attack.

Recommendations: For Virtual War (aka VWar) version 1.6.1 R2, consider modifying the createRandomPassword function to utilize a more secure method for generating random passwords, such as using a cryptographically secure pseudorandom number generator. As a temporary workaround, restrict access to password generation functionality to minimize the risk of exploitation.
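
An added PHP example (not VWar's code and not part of the original advisory) that sets the weak seeding pattern described above beside a CSPRNG-based replacement. The function names, the alphabet, the 12-character minimum and the 1,000,000-value seed range are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Alphabet is an assumption for this example; ambiguous glyphs are left out.
const PW_ALPHABET = 'abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';

// Weak pattern (constructed, not VWar's source): the seed can take only
// 1,000,000 values, so at most 1,000,000 distinct passwords exist,
// regardless of length or alphabet size.
function weakRandomPassword(int $length = 8): string
{
    mt_srand((int) ((float) microtime() * 1000000));
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= PW_ALPHABET[mt_rand(0, strlen(PW_ALPHABET) - 1)];
    }
    return $out;
}

// Hardened form: every character is drawn from the OS CSPRNG via
// random_int() (PHP 7+), which is uniform over the range and unseeded.
function secureRandomPassword(int $length = 16): string
{
    if ($length < 12) { // minimum length is an assumed policy value
        throw new InvalidArgumentException('length must be at least 12');
    }
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= PW_ALPHABET[random_int(0, strlen(PW_ALPHABET) - 1)];
    }
    return $out;
}

// Effective search space in bits: the smaller of the seed space and the
// character space bounds what a brute-force attempt has to cover.
function effectiveBits(int $length, ?int $seedValues): float
{
    $charBits = $length * log(strlen(PW_ALPHABET), 2);
    return $seedValues === null ? $charBits : min($charBits, log($seedValues, 2));
}

printf("weak   (8 chars, 1e6 seeds): %.1f bits\n", effectiveBits(8, 1000000));
printf("secure (16 chars, CSPRNG):   %.1f bits\n", effectiveBits(16, null));
echo secureRandomPassword(), "\n";
```

On PHP versions older than 7, random_int() is unavailable and a CSPRNG source such as openssl_random_pseudo_bytes() would be needed instead.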


Related Identifiers

CVE-2010-5066

Affected Products

Virtual War