The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2016/07/19/3 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2016/07/27/14 | Mailing List Third Party Advisory |
https://github.com/magento/magento2/pull/15017 |
Configurations
History
No history.
Information
Published : 2017-03-01 20:59
Updated : 2024-02-04 19:11
NVD link : CVE-2016-6485
Mitre link : CVE-2016-6485
CVE.ORG link : CVE-2016-6485
JSON object : View
Products Affected
magento
- magento2
CWE
CWE-327
Use of a Broken or Risky Cryptographic Algorithm