The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2008-05-07T21:00:00
Updated: 2018-10-11T19:57:01
Reserved: 2008-05-07T00:00:00
Link: CVE-2008-2108
JSON object: View
NVD Information
Status : Analyzed
Published: 2008-05-07T21:20:00.000
Modified: 2024-02-15T03:29:57.497
Link: CVE-2008-2108
JSON object: View
Redhat Information
No data.
CWE