Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt certain data more easily because of the guessable encryption keys.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP mcrypt_create_iv不安全加密实现漏洞
Vulnerability Description
PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 PHP生成随机加密种子的算法上存在漏洞,远程攻击者可能利用此漏洞获取非授权访问。 PHP的mcrypt_create_iv()函数以未初始化的变量做为种子调用php_rand_r(),导致生成器反复生成相同的IV,具体取决于系统的栈结构。在某些情况下栈结构可能导致生成完全可预测的种子,因此也会生成可预测的IV,而非随机的IV会导致较弱的加密算法。
CVSS Information
N/A
Vulnerability Type
N/A