4 matches found
Design/Logic Flaw
The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/randomcompat library and the opensslrandompseudobytes function fails, which makes it easier...
CVE-2016-1902
CVE-2016-1902 affects Symfony’s SecureRandom class prior to: 2.3.37, 2.6.x prior to 2.6.13, and 2.7.x prior to 2.7.9 when used with PHP 5.x without the paragonie/random_compat library. The OpenSSL/openssl_random_pseudo_bytes path may fail, causing weak or non-secure random numbers and undermining...
CVE-2016-1902
The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/randomcompat library and the opensslrandompseudobytes function fails, which makes it easier...
CVE-2016-1902: SecureRandom's fallback not secure when OpenSSL fails
Affected Versions Symfony 2.3.0 to 2.3.36, 2.6.0 to 2.6.12, 2.7.0 to 2.7.8 versions of the Security component are affected by this security issue when used with PHP 5.x without the paragonie/randomcompat library listed in your Composer dependencies. Projects using PHP 7 are not affected. This iss...