Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.2.0

Bug #14671 Security issue due to seeding random number generator
Submitted: 2008-09-21 15:40 UTC
From: cweiske Assigned: cweiske
Status: Closed Package: Auth_SASL (version 1.0.2)
PHP Version: Irrelevant OS:
Roadmaps: (Not assigned)    
Subscription  


Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know! Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem : 49 - 43 = ?

 
 [2008-09-21 15:40 UTC] cweiske (Christian Weiske)
Description: ------------ The package lowers the security of randomly generated numbers by seeding the random number generator by itself. Please remove the [mt_]srand() call from the code. For more information, read: http://www.nabble.com/Re%3A-Random-number-generation-security-problem-p19595503.html http://news.php.net/php.pear.dev/50791 http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/

Comments

 [2009-08-05 12:29 UTC] cweiske (Christian Weiske)
-Status: Analyzed +Status: Closed -Assigned To: +Assigned To: cweiske
Thank you for your bug report. This issue has been fixed in the latest released version of the package, which you can download at http://pear.php.net/get/ in 1.0.3