CVE-2016-6485

Published
View on NVD ↗
CVSS v3
N/A
CVSS v2
5
MEDIUM
Affected
1
PROJECT

Description

The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value.

magento/magento2
magento/magento2
Prior to making any Submission(s), you must sign an Adobe Contributor License Agreement, available here at: https://opensource.adobe.com/cla.html. All Submissions you make to Adobe Inc. and its affiliates, assigns and subsidiaries (collectively “Adobe”) are subject to the terms of the Adobe Contributor License Agreement.
GitHubGitHub
12.1K