Vulnerabilities > Magento > Magento2 > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-03-01 CVE-2016-6485 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Magento Magento2
The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value.
network
low complexity
magento CWE-327
5.0