CVE-2008-4107

Description

The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x and WordPress before 2.6.2, a different vulnerability than CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102.

Software From Fixed in
php / php - 4.4.8.x
php / php - 5.2.5.x
php / php 4.0-beta1 4.0-beta1.x
php / php 4.0-beta3 4.0-beta3.x
php / php 4.0-rc1 4.0-rc1.x
php / php 4.0-rc2 4.0-rc2.x
php / php 4.0.0 4.0.0.x
php / php 4.0.1 4.0.1.x
php / php 4.0.1-patch1 4.0.1-patch1.x
php / php 4.0.1-patch2 4.0.1-patch2.x
php / php 4.0.2 4.0.2.x
php / php 4.0.3-patch1 4.0.3-patch1.x
php / php 4.0.4-patch1 4.0.4-patch1.x
php / php 4.0.5 4.0.5.x
php / php 4.0.6 4.0.6.x
php / php 4.0.7 4.0.7.x
php / php 4.0.7-rc2 4.0.7-rc2.x
php / php 4.0.7-rc3 4.0.7-rc3.x
php / php 4.0.7-rc4 4.0.7-rc4.x
php / php 4.1.0 4.1.0.x
php / php 4.1.1 4.1.1.x
php / php 4.1.2 4.1.2.x
php / php 4.2 4.2.x
php / php 4.2.0 4.2.0.x
php / php 4.2.1 4.2.1.x
php / php 4.2.2 4.2.2.x
php / php 4.2.3 4.2.3.x
php / php 4.3.0 4.3.0.x
php / php 4.3.1 4.3.1.x
php / php 4.3.10 4.3.10.x
php / php 4.3.11 4.3.11.x
php / php 4.3.2 4.3.2.x
php / php 4.3.3 4.3.3.x
php / php 4.3.4 4.3.4.x
php / php 4.3.5 4.3.5.x
php / php 4.3.6 4.3.6.x
php / php 4.3.7 4.3.7.x
php / php 4.3.8 4.3.8.x
php / php 4.3.9 4.3.9.x
php / php 4.4.0 4.4.0.x
php / php 4.4.1 4.4.1.x
php / php 4.4.2 4.4.2.x
php / php 4.4.3 4.4.3.x
php / php 4.4.4 4.4.4.x
php / php 4.4.5 4.4.5.x
php / php 4.4.6 4.4.6.x
php / php 4.4.7 4.4.7.x
php / php 5.0.0-beta1 5.0.0-beta1.x
php / php 5.0.0-beta2 5.0.0-beta2.x
php / php 5.0.0-beta4 5.0.0-beta4.x
php / php 5.0.0-rc1 5.0.0-rc1.x
php / php 5.0.1 5.0.1.x
php / php 5.0.4 5.0.4.x
php / php 5.0.5 5.0.5.x
php / php 5.1.0 5.1.0.x
php / php 5.1.2 5.1.2.x
php / php 5.1.4 5.1.4.x
php / php 5.1.5 5.1.5.x
php / php 5.1.6 5.1.6.x
php / php 5.2.0 5.2.0.x
php / php 5.2.1 5.2.1.x
php / php 5.2.2 5.2.2.x
php / php 5.2.3 5.2.3.x
php / php 5.2.4 5.2.4.x