Linux Distros Unpatched Vulnerability : CVE-2016-9847

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin. When the user does not specify a blowfishsecret key for encrypting cookies, phpMyAdmin generates one at runtime. A...

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-9847. Reason: This candidate is a reservation duplicate of CVE-2016-9847. Notes: All CVE users should reference CVE-2016-9847 instead of this candidate. All references and descriptions in this candidate have been removed to...

phpMyAdmin Multiple Security Vulnerabilities - 04 (Dec 2016) - Linux

phpMyAdmin is prone to multiple security vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyadmin:phpmyadmin";...

CVE-2016-9847

The CVE-2016-9847 issue affects phpMyAdmin, where not specifying a blowfish_secret for cookie encryption causes a runtime-generated value that uses a weak algorithm. Affected are phpMyAdmin releases: 4.6.x before 4.6.5, 4.4.x before 4.4.15.9, and 4.0.x before 4.0.10.18. The weak construction coul...

CVE-2016-9847

An issue was discovered in phpMyAdmin. When the user does not specify a blowfishsecret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's...

Unsafe generation of blowfish secret

PMASA-2016-58 Announcement-ID: PMASA-2016-58 Date: 2016-11-25 Updated: 2016-12-06 Summary Unsafe generation of blowfish secret Description When the user does not specify a blowfishsecret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way th...