Description

The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x and WordPress before 2.6.2, a different vulnerability than CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102.

Remediation

References

CVE-2008-4107

Related Vulnerabilities

jQuery Validation Uncontrolled Resource Consumption Vulnerability (CVE-2021-21252)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-6472)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Cross-Site Request Forgery (3.4.27)

e107 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-11127)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1509)

Severity

Medium

Classification

CVE-2008-4107

Tags

Missing Update Known Vulnerabilities