The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions.
Vector
NETWORK
Complexity
LOW
Authentication
NONE
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL
PHP 5.2.4
PHP 5.2.3
PHP 5.2.2
PHP 5.2.1
PHP 5.2.0
PHP PHP 5.1.6
PHP PHP 5.1.5
PHP 5.1.4
PHP PHP 5.1.3
PHP PHP 5.1.2
PHP PHP 5.1.1
PHP PHP 5.1.0
PHP PHP 5.0.5
PHP PHP 5.0.4
PHP PHP 5.0.3
PHP PHP 5.0.2
PHP PHP 5.0.1
PHP PHP 5.0.0 RC3
PHP PHP 5.0.0 RC2
PHP PHP 5.0.0 RC1
PHP PHP 5.0.0 Beta3
PHP PHP 5.0.0 Beta2
PHP PHP 5.0.0 Beta1
Php Php 5 (not an official CPE)
PHP PHP 4.4.7