Vulnerability Database
289,689
Total vulnerabilities in the database
stormpath/sdk uses Insecure Random Number Generator
The vulnerability pertains to the usage of an insecure random number generator (RNG) in the "stormpath-sdk-php" library. Specifically, the issue is present in the generation of UUID (Universally Unique Identifier) version 4 within the codebase.
| Software | From | Fixed in |
|---|---|---|
stormpath / sdk
|
- | 1.19.0.x |
- https://github.com/FriendsOfPHP/security-advisories/blob/master/stormpath/sdk/2017-11-20.yaml
- https://github.com/stormpath/stormpath-sdk-php/blob/15aee3007b8aa41c20cdf28fd650b8a2368a7fa9/src/Util/UUID.php#L167-L181
- https://github.com/stormpath/stormpath-sdk-php/blob/62698ea98ef89217f932e28cf3e511d39af3b4cf/src/Authc/Api/ApiKeyEncryptionOptions.php#L48-L50
- https://github.com/stormpath/stormpath-sdk-php/issues/132