PT-2017-8982 · Adobe · Magento 2

Barryvdh +2 · Published 2017-03-01 · Updated 2019-11-20 · CVE-2016-6485

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Magento 2 (affected versions not specified)

Description

The __construct function in Framework/Encryption/Crypt.php generates the random number for the initialization vector with the PHP rand function. Because rand is not a cryptographically secure generator, remote attackers can more easily guess the value and defeat cryptographic protection mechanisms.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
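
The weakness described above, shown as an added example that is not Magento's code or part of the original advisory: an IV built from rand() beside one drawn from the operating system CSPRNG. The function names, the alphabet, the AES-256-CBC cipher and the sample values are assumptions made for this sketch, which needs PHP 7 or later with the openssl extension.

```php
<?php
declare(strict_types=1);

const IV_SIZE = 16; // AES block size in bytes (cipher assumed for this sketch)

// Weak pattern (constructed): every IV character is picked with rand().
// rand() is a seedable, non-cryptographic generator, so the IV is a
// deterministic function of the generator's internal state.
function weakIv(int $size): string
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $iv = '';
    for ($i = 0; $i < $size; $i++) {
        $iv .= $alphabet[rand(0, strlen($alphabet) - 1)];
    }
    return $iv;
}

// Hardened form: IV bytes come from the operating system CSPRNG.
function strongIv(int $size): string
{
    return random_bytes($size);
}

// Encrypt with a fresh CSPRNG IV and return IV || ciphertext.
// CBC gives confidentiality only; authenticating the result is out of scope here.
function encryptWithFreshIv(string $plaintext, string $key): string
{
    $iv = strongIv(IV_SIZE);
    $ct = openssl_encrypt($plaintext, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return $iv . $ct;
}

// Same generator state, same "random" IV: the value is reproducible.
srand(20170301);
$first = weakIv(IV_SIZE);
srand(20170301);
$second = weakIv(IV_SIZE);
echo 'weak IVs identical after reseeding: ', var_export($first === $second, true), PHP_EOL;

// CSPRNG IVs differ between calls, so equal plaintexts encrypt differently.
$key = random_bytes(32); // constructed 256-bit key
$c1 = encryptWithFreshIv('constructed sample', $key);
$c2 = encryptWithFreshIv('constructed sample', $key);
echo 'ciphertexts differ with CSPRNG IVs: ', var_export($c1 !== $c2, true), PHP_EOL;
```

When auditing a code base for this pattern, look for rand(), mt_rand(), uniqid() or str_shuffle() feeding any IV, key, salt or token, and replace them with random_bytes() or random_int().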

Weakness Enumeration

Use of a Broken Cryptographic Algorithm

Related Identifiers

CVE-2016-6485
GHSA-H7QW-MXRM-C6H2

Affected Products

Magento 2