2 matches found
openSUSE Security Update : phpMyAdmin (openSUSE-2016-151)
This update to phpMyAdmin 4.4.15.4 fixes the following issues boo964024 - CVE-2016-2038: Multiple full path disclosure vulnerabilities - CVE-2016-2039: Unsafe generation of XSRF/CSRF token - CVE-2016-2040: Multiple XSS vulnerabilities - CVE-2016-1927: Insecure password generation in JavaScript -...
Unsafe generation of XSRF/CSRF token.
PMASA-2016-2 Announcement-ID: PMASA-2016-2 Date: 2016-01-24 Summary Unsafe generation of XSRF/CSRF token. Description The XSRF/CSRF token is generated with a weak algorithm using functions that do not return cryptographically secure values. Severity We consider this vulnerability to be...