CVE-2016-6485

2017-03-01T20:59:00
ID CVE-2016-6485
Type cve
Reporter cve@mitre.org
Modified 2018-07-10T01:29:00

Description

The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value.