Bug #14671 :: Security issue due to seeding random number generator

Package home | Report new bug | New search | Development Roadmap

Status: Open | Feedback | All | Closed Since Version 1.2.0

Bug #14671	Security issue due to seeding random number generator
Submitted:	2008-09-21 15:40 UTC
From:	cweiske	Assigned:	cweiske
Status:	Closed	Package:	Auth_SASL (version 1.0.2)
PHP Version:	Irrelevant	OS:
Roadmaps:	(Not assigned)
Subscription	Your email:

Comments Patches (1) Add Comment Add patch

[2008-09-21 15:40 UTC] cweiske (Christian Weiske)

Description:
------------
The package lowers the security of randomly generated numbers by seeding the random number generator by itself. Please remove the [mt_]srand() call from the code.

For more information, read:
http://www.nabble.com/Re%3A-Random-number-generation-security-problem-p19595503.html
http://news.php.net/php.pear.dev/50791
http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/

Comments

[2009-08-05 12:29 UTC] cweiske (Christian Weiske)

-Status:      Analyzed
+Status:      Closed
-Assigned To:
+Assigned To: cweiske
Thank you for your bug report. This issue has been fixed
in the latest released version of the package, which you can download at
http://pear.php.net/get/

in 1.0.3