Vulnerability Database
296,746
Total vulnerabilities in the database
stormpath/sdk uses Insecure Random Number Generator
The vulnerability pertains to the usage of an insecure random number generator (RNG) in the "stormpath-sdk-php" library. Specifically, the issue is present in the generation of UUID (Universally Unique Identifier) version 4 within the codebase.
| Software | From | Fixed in |
|---|---|---|
stormpath / sdk
|
- | 1.19.0.x |
- https://github.com/FriendsOfPHP/security-advisories/blob/master/stormpath/sdk/2017-11-20.yaml
- https://github.com/stormpath/stormpath-sdk-php/blob/15aee3007b8aa41c20cdf28fd650b8a2368a7fa9/src/Util/UUID.php#L167-L181
- https://github.com/stormpath/stormpath-sdk-php/blob/62698ea98ef89217f932e28cf3e511d39af3b4cf/src/Authc/Api/ApiKeyEncryptionOptions.php#L48-L50
- https://github.com/stormpath/stormpath-sdk-php/issues/132
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime