CVE-2008-4102

Published: Sep 18, 2008Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681.

Affected (7)

Products: Joomla: Joomla

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Joomla Joomla	Version 1.5.1
Joomla Joomla	Version 1.5.2
Joomla Joomla	Version 1.5.3
Joomla Joomla	Version 1.5.4
Joomla Joomla	Version 1.5.5
Joomla Joomla	Version 1.5.6
Joomla Joomla	Version 1.5

Related CWEs

References (20)

http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html

Source: cve@mitre.org

http://marc.info/?l=oss-security&m=122115344915232&w=2

Source: cve@mitre.org

http://marc.info/?l=oss-security&m=122118210029084&w=2

Source: cve@mitre.org

http://marc.info/?l=oss-security&m=122152798516853&w=2

Source: cve@mitre.org

http://secunia.com/advisories/31789

Source: cve@mitre.org

http://securityreason.com/securityalert/4271

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/496237/100/0/threaded

Source: cve@mitre.org

http://www.sektioneins.de/advisories/SE-2008-04.txt

Source: cve@mitre.org

http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/45068

Source: cve@mitre.org

http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=oss-security&m=122115344915232&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=oss-security&m=122118210029084&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=oss-security&m=122152798516853&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/31789

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/4271

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/496237/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.sektioneins.de/advisories/SE-2008-04.txt

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/45068

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.