PT-2024-40208 · Zend · Zend Framework 1

Published: 2024-06-07 · Updated: 2024-06-07

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Zend Framework 1 (affected versions not specified)
Description: The issue is insufficient entropy in the random number generation used in several parts of Zend Framework 1. Specifically, the methods Zend_Ldap_Attribute::createPassword, Zend_Form_Element_Hash::_generateHash, Zend_Gdata_HttpClient::filterHttpRequest, Zend_Filter_Encrypt_Mcrypt::_srand, and Zend_OpenId::randomBytes use rand() or mt_rand(), which are not suitable for generating cryptographically secure values. This could lead to information disclosure if an attacker can brute-force the random number generator's output. Additionally, there is a potential security issue in the way Zend_Crypt_Math::randBytes uses the openssl_random_pseudo_bytes() function.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
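The following PHP is an added illustration of the weakness class described above, beside the hardened form a maintainer would substitute; it is not Zend Framework code and the function names are hypothetical. It assumes PHP 7 or later for random_bytes(), with the openssl_random_pseudo_bytes() branch showing the $crypto_strong check that must not be skipped.

```php
<?php
// Added illustration for this advisory; not Zend Framework code. All names are hypothetical.
declare(strict_types=1);

// Weak pattern: a token derived from mt_rand(). The generator is seeded from a
// 32-bit value and its output is fully reproducible once that seed is known or guessed,
// so a token built this way is not suitable for passwords, CSRF hashes or nonces.
function weakToken(): string
{
    return md5((string) mt_rand(1, 1000000));
}

// Hardened form: random_bytes() throws instead of returning weak data. Where
// openssl_random_pseudo_bytes() is used instead, the $crypto_strong out-parameter
// must be checked and the result rejected if it is not true; ignoring that flag is
// the kind of misuse the advisory notes for Zend_Crypt_Math::randBytes.
function secureToken(int $length = 32): string
{
    if (function_exists('random_bytes')) {
        return bin2hex(random_bytes($length));
    }
    $strong = false;
    $bytes = openssl_random_pseudo_bytes($length, $strong);
    if ($bytes === false || $strong !== true) {
        throw new RuntimeException('CSPRNG unavailable; refusing to fall back to weak randomness');
    }
    return bin2hex($bytes);
}

// Shows why mt_rand() is unsuitable: re-seeding with the same value replays the sequence,
// so anyone who recovers the seed recovers every "random" value derived from it.
function mtRandIsDeterministic(): bool
{
    mt_srand(12345);
    $first = [mt_rand(), mt_rand(), mt_rand()];
    mt_srand(12345);
    $second = [mt_rand(), mt_rand(), mt_rand()];
    return $first === $second;
}

var_dump(mtRandIsDeterministic());
echo weakToken(), PHP_EOL;
echo secureToken(), PHP_EOL;
```

A quick audit of a ZF1-based application for this class of issue is a search for rand(, mt_rand( and openssl_random_pseudo_bytes( in code paths that produce secrets, checking each for the replacement or the $crypto_strong test shown above.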

Weakness Enumeration

Related Identifiers

GHSA-8XHV-GQM4-3W99

Affected Products

Zend Framework 1