The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2016/07/19/3 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2016/07/27/14 | Mailing List Third Party Advisory |
https://github.com/magento/magento2/pull/15017 | |
http://www.openwall.com/lists/oss-security/2016/07/19/3 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2016/07/27/14 | Mailing List Third Party Advisory |
https://github.com/magento/magento2/pull/15017 |
Configurations
History
21 Nov 2024, 02:56
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2016/07/19/3 - Mailing List, Third Party Advisory | |
References | () http://www.openwall.com/lists/oss-security/2016/07/27/14 - Mailing List, Third Party Advisory | |
References | () https://github.com/magento/magento2/pull/15017 - |
Information
Published : 2017-03-01 20:59
Updated : 2024-11-21 02:56
NVD link : CVE-2016-6485
Mitre link : CVE-2016-6485
CVE.ORG link : CVE-2016-6485
JSON object : View
Products Affected
magento
- magento2
CWE
CWE-327
Use of a Broken or Risky Cryptographic Algorithm