
Ticket #1081 (fixed bug)

openssl_random_pseudo_bytes() is not cryptographically secure

  • Created: 2016-02-24 02:52:09
  • Reported by: Visman
  • Assigned to: Franz
  • Milestone: 1.5.11
  • Component: security
  • Priority: normal

srand.php

   if (function_exists('openssl_random_pseudo_bytes') && 
       (version_compare(PHP_VERSION, '5.3.4') >= 0 || 

But the bug has been fixed in version 5.6.10 only https://bugs.php.net/bug.php?id=70014

History

Franz 2018-07-17 20:05:43

  • Milestone set to 1.5.11.

Franz 2018-07-17 22:02:33

  • Owner set to nsuchy.

Let's fix this by changing the version_compare() call accordingly.

The bug was fixed in 5.4 and 5.5 as well. Just search for "70014" on this PHP changelog.

Visman 2018-07-18 17:30:39

Fix in 5.6.12(!), 5.5.28 and 5.4.44.

Franz 2018-12-29 22:25:07

  • Owner changed from nsuchy to Franz.

Franz 2018-12-29 22:32:17

  • Status changed from open to fixed.

Commit 6f8e99c to fluxbb master

Only use openssl_random_pseudo_bytes() when secure

Fixes #1081.

Franz 2018-12-30 21:13:16

  • Type changed from enhancement to bug.
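
One way to write the per-branch version check discussed in this ticket, as an added example (it is not the code from commit 6f8e99c or from FluxBB). The function names are hypothetical, the fixed releases are the ones listed in the thread above, and preferring random_bytes() on PHP 7.0+ and treating unlisted branches as unfixed are assumptions of this example.

```php
<?php
// Added example: helper names are hypothetical, not FluxBB's.

// True when $version carries the fix for PHP bug #70014, using the
// per-branch releases named in this ticket (5.4.44, 5.5.28, 5.6.12).
function openssl_rng_is_fixed($version = PHP_VERSION)
{
    $fixed = array('5.4' => '5.4.44', '5.5' => '5.5.28', '5.6' => '5.6.12');

    // Accepts suffixed strings such as "5.6.12-1ubuntu"; anything else fails closed.
    if (!preg_match('/^(\d+)\.(\d+)\./', $version, $m)) {
        return false;
    }
    $branch = $m[1] . '.' . $m[2];

    // Assumption: a branch not listed in the ticket is treated as unfixed,
    // so a single "PHP_VERSION >= x" comparison is never relied on.
    if (!isset($fixed[$branch])) {
        return false;
    }
    return version_compare($version, $fixed[$branch], '>=');
}

// Returns $length random bytes, or false when no trusted source exists.
function secure_random_bytes($length)
{
    // PHP 7.0+ provides random_bytes(), which throws rather than
    // returning weak output.
    if (function_exists('random_bytes')) {
        return random_bytes($length);
    }
    if (function_exists('openssl_random_pseudo_bytes') && openssl_rng_is_fixed()) {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes($length, $strong);
        // Require both the crypto_strong flag and the full length.
        if ($bytes !== false && $strong === true && strlen($bytes) === $length) {
            return $bytes;
        }
    }
    return false; // caller must use another source or abort
}

// Constructed version strings showing which releases pass the gate.
foreach (array('5.3.29', '5.4.43', '5.4.44', '5.5.27', '5.6.10', '5.6.12') as $v) {
    printf("%-7s %s\n", $v, openssl_rng_is_fixed($v) ? 'openssl allowed' : 'openssl skipped');
}
```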