Description
The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2014-0378 Vulnerability (CVE-2014-0378)
WordPress Plugin Catch Web Tools Security Bypass (2.6.6)
WordPress 2.5 Cookie Integrity Protection Unauthorized Access Vulnerability (0.6.2 - 2.5)
WordPress Plugin WP Fastest Cache Multiple Vulnerabilities (0.9.4)
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-2986)