Description

The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function.

Remediation

References

CVE-2010-1128

Related Vulnerabilities

WordPress Plugin Limit Login Attempts Reloaded Security Bypass (2.7.4)

PHP CVE-2011-1467 Vulnerability (CVE-2011-1467)

WordPress Plugin PDF Flipbook, 3D Flipbook WordPress-DearFlip Unspecified Vulnerability (1.7.12)

Apache Tomcat Other Vulnerability (CVE-2005-4703)

OpenVPN AS Other Vulnerability (CVE-2006-1629)

Severity

Medium

Classification

CVE-2010-1128

Tags

Missing Update Known Vulnerabilities