Vulnerabilities > CVE-2008-4102 - Numeric Errors vulnerability in Joomla
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 7 |
Common Weakness Enumeration (CWE)
References
- http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html
- http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html
- http://marc.info/?l=oss-security&m=122115344915232&w=2
- http://marc.info/?l=oss-security&m=122115344915232&w=2
- http://marc.info/?l=oss-security&m=122118210029084&w=2
- http://marc.info/?l=oss-security&m=122118210029084&w=2
- http://marc.info/?l=oss-security&m=122152798516853&w=2
- http://marc.info/?l=oss-security&m=122152798516853&w=2
- http://secunia.com/advisories/31789
- http://secunia.com/advisories/31789
- http://securityreason.com/securityalert/4271
- http://securityreason.com/securityalert/4271
- http://www.securityfocus.com/archive/1/496237/100/0/threaded
- http://www.securityfocus.com/archive/1/496237/100/0/threaded
- http://www.sektioneins.de/advisories/SE-2008-04.txt
- http://www.sektioneins.de/advisories/SE-2008-04.txt
- http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/
- http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45068
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45068