Fork me on GitHub

You are not logged in. Please login or register.

Development

Download

Tickets

Milestones

Subscribe 3

Ticket #1081 (open enhancement)

openssl_random_pseudo_bytes() is not cryptographically secure

Created: 2016-02-24 02:52:09
Reported by: Visman
Assigned to: nsuchy

Milestone: 1.5.11
Component: security
Priority: normal

srand.php

   if (function_exists('openssl_random_pseudo_bytes') && 
       (version_compare(PHP_VERSION, '5.3.4') >= 0 ||

But the bug has been fixed in version 5.6.10 only https://bugs.php.net/bug.php?id=70014

History

Franz 2018-07-17 20:05:43

Milestone set to 1.5.11.

Franz 2018-07-17 22:02:33

Owner set to nsuchy.

Let's fix this by changing the version_compare() call accordingly.

The bug was fixed in 5.4 and 5.5 as well. Just search for "70014" on this PHP changelog.

Visman 2018-07-18 17:30:39

Fix in 5.6.12(!), 5.5.28 and 5.4.44.