CVE-2010-1128

2010-03-26T16:30:00
ID CVE-2010-1128
Type cve
Reporter NVD
Modified 2010-12-10T01:39:13

Description

The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function.