The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x and WordPress before 2.6.2, a different vulnerability than CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102.
Vector: NETWORK
Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
PHP 5.2.4
PHP 5.2.3
PHP 5.2.2
PHP 5.2.1
PHP 5.2.0
PHP PHP 5.1.6
PHP PHP 5.1.5
PHP 5.1.4
PHP PHP 5.1.2
PHP PHP 5.1.0
PHP PHP 5.0.5
PHP PHP 5.0.4
PHP PHP 5.0.1
PHP PHP 5.0.0 RC1
PHP PHP 5.0.0 Beta4
PHP PHP 5.0.0 Beta2
PHP PHP 5.0.0 Beta1
PHP 4.4.8
PHP PHP 4.4.7
PHP PHP 4.4.6
PHP PHP 4.4.5
PHP PHP 4.4.4
PHP PHP 4.4.3
PHP PHP 4.4.2
PHP PHP 4.4.1
PHP PHP 4.4.0
PHP PHP 4.3.11
PHP PHP 4.3.10
PHP PHP 4.3.9
PHP PHP 4.3.8
PHP PHP 4.3.7
PHP PHP 4.3.6
PHP PHP 4.3.5
PHP PHP 4.3.4
PHP PHP 4.3.3
PHP PHP 4.3.2
PHP PHP 4.3.1
PHP PHP 4.3.0
PHP PHP 4.2.3
PHP PHP 4.2.2
PHP PHP 4.2.1
PHP PHP 4.2.0
Php Php 4.2 Dev (not an official CPE)
PHP PHP 4.1.2
PHP PHP 4.1.1
PHP PHP 4.1.0
Php Php 4.0.7 Rc4 (not an official CPE)
Php Php 4.0.7 Rc3 (not an official CPE)
Php Php 4.0.7 Rc2 (not an official CPE)
PHP PHP 4.0.7
PHP PHP 4.0.6
PHP PHP 4.0.5
Php Php 4.0.4 Patch1 (not an official CPE)
Php Php 4.0.3 Patch1 (not an official CPE)
PHP PHP 4.0.2
Php Php 4.0.1 Patch2 (not an official CPE)
Php Php 4.0.1 Patch1 (not an official CPE)
PHP PHP 4.0.1
PHP PHP 4.0.0
Php Php 4.0 Rc2 (not an official CPE)
Php Php 4.0 Rc1 (not an official CPE)
PHP PHP 4.0 Beta 3
PHP PHP 4.0 Beta 1
PHP 5.2.5