Randomness attacks against PHP applications

We encourage users to post events happening in the community to the community events group on https://www.drupal.org.

Posted by dokumori on February 9, 2013 at 1:42am

In this paper it is reported many PHP applications make false assumption about the true randomeness of the core PHP random funcions and it might lead to attacks, for example using the password reset features. Drupal may also be affected by this e.g. 6 session cookie generation.

If anyone researches this and find Drupal to be actually vulnerable, please report to the security team.

Security

You must register or login in order to post into this group.

Group organizers

greggles
mlhess
coltrane

New groups

INACTIVE GROUP
Western Ohio User Group
Goa Drupal Community
Drupal community in Democratic republic of Congo
Liverpool
Chandigarh Drupal Geeks (C.D.G.)
API-First Working Group
Compony opinionated developers
Drupal Kashmir
4SPOTS

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds:

All posts:
- Feed
- Page

Hot content this week

April Meetup: Demo of Event Platform module + trying out Single Directory Components

1 week 1 day ago