Ticket #1081 (open enhancement)

openssl_random_pseudo_bytes() is not cryptographically secure

  • Created: 2016-02-24 02:52:09
  • Reported by: Visman
  • Assigned to: nsuchy
  • Milestone: 1.5.11
  • Component: security
  • Priority: normal

srand.php

   if (function_exists('openssl_random_pseudo_bytes') && 
       (version_compare(PHP_VERSION, '5.3.4') >= 0 || 

But the bug has been fixed only in version 5.6.10: https://bugs.php.net/bug.php?id=70014

History

Franz 2018-07-17 20:05:43

  • Milestone set to 1.5.11.

Franz 2018-07-17 22:02:33

  • Owner set to nsuchy.

Let's fix this by changing the version_compare() call accordingly.

The bug was fixed in 5.4 and 5.5 as well. Just search for "70014" on this PHP changelog.

Visman 2018-07-18 17:30:39

Fix in 5.6.12(!), 5.5.28 and 5.4.44.
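
A per-branch version gate built from the fix versions listed in the comments above, as an added example that is not part of the ticket or of FluxBB's srand.php. The function names are hypothetical, and treating PHP releases newer than the 5.6 branch as fixed is an assumption.

```php
<?php
// Added example; function names are hypothetical, not FluxBB's.
// First patch release per 5.x branch carrying the fix for PHP bug #70014,
// as listed in the ticket comments.
function openssl_rand_is_fixed($version = PHP_VERSION)
{
    $fixed = array('5.4' => '5.4.44', '5.5' => '5.5.28', '5.6' => '5.6.12');

    if (!preg_match('/^(\d+)\.(\d+)/', $version, $m)) {
        return false; // unparseable version string: fail closed
    }
    $branch = $m[1] . '.' . $m[2];

    if (isset($fixed[$branch])) {
        return version_compare($version, $fixed[$branch], '>=');
    }
    // Assumption: releases newer than the 5.6 branch already include the fix.
    // Branches older than 5.4 are not in the list and are treated as unfixed.
    return version_compare($version, '5.6', '>');
}

// Returns $length random bytes, or false so the caller can fall back
// to another source when no trustworthy one is available here.
function strong_random_bytes($length)
{
    // PHP 7+: random_bytes() reads the OS CSPRNG and throws on failure.
    if (function_exists('random_bytes')) {
        return random_bytes($length);
    }
    if (function_exists('openssl_random_pseudo_bytes') && openssl_rand_is_fixed()) {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes($length, $strong);
        // Accept the output only if OpenSSL reports a strong source.
        if ($bytes !== false && $strong === true && strlen($bytes) === $length) {
            return $bytes;
        }
    }
    return false;
}

// Constructed sample versions showing why a single lower bound is not enough.
foreach (array('5.3.4', '5.4.43', '5.4.44', '5.5.27', '5.5.28', '5.6.10', '5.6.12') as $v) {
    printf("%-7s %s\n", $v, openssl_rand_is_fixed($v) ? 'fixed' : 'unfixed');
}
```

A single `version_compare(PHP_VERSION, '5.6.12') >= 0` would also be safe but would reject the fixed 5.4.44+ and 5.5.28+ releases.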