CVE-2008-4107
Published: Sep 18, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x and WordPress before 2.6.2, a different vulnerability than CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- 31737 (third-party-advisory, x_refsource_SECUNIA)
- [oss-security] 20080916 Re: CVE request: wordpress < 2.6.2 (mailing-list, x_refsource_MLIST)
- 4271 (third-party-advisory, x_refsource_SREASON)
- 31115 (vdb-entry, x_refsource_BID)
- 20080911 Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability (mailing-list, x_refsource_BUGTRAQ)
- ADV-2008-2553 (vdb-entry, x_refsource_VUPEN)
- [oss-security] 20080911 CVE request: wordpress < 2.6.2 (mailing-list, x_refsource_MLIST)
- 48700 (vdb-entry, x_refsource_OSVDB)
- http://www.sektioneins.de/advisories/SE-2008-05.txt (x_refsource_MISC)
- 31870 (third-party-advisory, x_refsource_SECUNIA)
- 20080911 Advisory 05/2008: Wordpress user_login Column SQL Truncation Vulnerability (mailing-list, x_refsource_BUGTRAQ)
- 1020869 (vdb-entry, x_refsource_SECTRACK)
- FEDORA-2008-7902 (vendor-advisory, x_refsource_FEDORA)
- FEDORA-2008-7760 (vendor-advisory, x_refsource_FEDORA)
- php-rand-mtrand-weak-security(45956) (vdb-entry, x_refsource_XF)
- http://wordpress.org/development/2008/09/wordpress-262/ (x_refsource_CONFIRM)
- http://www.sektioneins.de/advisories/SE-2008-04.txt (x_refsource_MISC)
- http://www.sektioneins.de/advisories/SE-2008-02.txt (x_refsource_MISC)