|Date: (C)2008-09-18 (M)2017-08-08|
|CVSS Score: 5.1||Access Vector: NETWORK|
|Exploitability Subscore: 4.9||Access Complexity: HIGH|
|Impact Subscore: 6.4||Authentication: NONE|
| ||Confidentiality: PARTIAL|
| ||Integrity: PARTIAL|
| ||Availability: PARTIAL|
The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x and WordPress before 2.6.2, a different vulnerability than CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102.