2 matches found
ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities
In Zend Framework 2, the Zend\Math\Rand component generates random bytes using the OpenSSL or Mcrypt extensions when available but will otherwise use PHP's mtrand function as a fallback. All outputs from mtrand are predictable for the same PHP process if an attacker can brute force the seed used ...
GHSA-XG9W-R469-M455 ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities
In Zend Framework 2, the Zend\Math\Rand component generates random bytes using the OpenSSL or Mcrypt extensions when available but will otherwise use PHP's mtrand function as a fallback. All outputs from mtrand are predictable for the same PHP process if an attacker can brute force the seed used ...