2 matches found
Insecure Random Number Generator
phpservermon/phpservermon uses an insecure random number generator. The vulnerability exists in the generatePasswordResetToken function of User.php because of the insecure mtrand random number generator function which allows an attacker to guess the reset password hashes...
in phpservermon/phpservermon
✍️ Description The random number generator implemented by mtrand cannot withstand a cryptographic attack. Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in security-sensitive context. In this case the function that generates...