CVE-2016-6485
N/A
N/A
Summary
The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/magento/magento2/pull/15017
- http://www.openwall.com/lists/oss-security/2016/07/19/3
- http://www.openwall.com/lists/oss-security/2016/07/27/14
References
- https://github.com/magento/magento2/pull/15017
- http://www.openwall.com/lists/oss-security/2016/07/19/3
- http://www.openwall.com/lists/oss-security/2016/07/27/14
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.