10 matches found
ZendFramework1 Potential Insufficient Entropy Vulnerability
We discovered several methods used to generate random numbers in ZF1 that potentially used insufficient entropy. These random number generators are used in the following method calls: Zend_Ldap_Attribute::createPassword, Zend_Form_Element_Hash::_generateHash, Zend_Gdata_HttpClient::filterHttpRequest...
GHSA-8XHV-GQM4-3W99 ZendFramework1 Potential Insufficient Entropy Vulnerability
We discovered several methods used to generate random numbers in ZF1 that potentially used insufficient entropy. These random number generators are used in the following method calls: Zend_Ldap_Attribute::createPassword, Zend_Form_Element_Hash::_generateHash, Zend_Gdata_HttpClient::filterHttpRequest...
GHSA-3FMQ-X9Q6-WM39 random_compat Uses insecure CSPRNG
random_compat versions prior to 2.0 are affected by a security vulnerability related to the insecure usage of Cryptographically Secure Pseudo-Random Number Generators (CSPRNG). The affected versions use openssl_random_pseudo_bytes, which may result in insufficient entropy and compromise the security of...
random_compat Uses insecure CSPRNG
random_compat versions prior to 2.0 are affected by a security vulnerability related to the insecure usage of Cryptographically Secure Pseudo-Random Number Generators (CSPRNG). The affected versions use openssl_random_pseudo_bytes, which may result in insufficient entropy and compromise the security of...
CVE-2021-23128 [20210302] - Core - Potential Insecure FOFEncryptRandval
An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core-shipped but unused randval implementation within FOF (FOFEncryptRandval) used a potentially insecure implementation. That has now been replaced with a call to 'random_bytes' and its backport that is shipped within random_compat...
[20210302] - Core - Potential Insecure FOFEncryptRandval
The core-shipped but unused randval implementation within FOF (FOFEncryptRandval) used a potentially insecure implementation. That has now been replaced with a call to "random_bytes" and its backport that is shipped within random_compat...
Design/Logic Flaw
The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier...
CVE-2016-1902
CVE-2016-1902 affects Symfony’s SecureRandom class prior to: 2.3.37, 2.6.x prior to 2.6.13, and 2.7.x prior to 2.7.9 when used with PHP 5.x without the paragonie/random_compat library. The OpenSSL/openssl_random_pseudo_bytes path may fail, causing weak or non-secure random numbers and undermining...
CVE-2016-1902
The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier...
CVE-2016-1902: SecureRandom's fallback not secure when OpenSSL fails
Affected Versions: Symfony 2.3.0 to 2.3.36, 2.6.0 to 2.6.12, 2.7.0 to 2.7.8 versions of the Security component are affected by this security issue when used with PHP 5.x without the paragonie/random_compat library listed in your Composer dependencies. Projects using PHP 7 are not affected. This iss...