Cryptographic Issues

CVE-2013-6386

Medium

6.8/10

Summary

Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass intended restrictions via a brute force attack.

Access Complexity: MEDIUM
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: PARTIAL

CWE-310 - Cryptographic Issues

Cryptographic issues is a category of weaknesses related to the design and implementation of the confidentiality and integrity of data. If not addressed, the weaknesses in this category can lead to data quality degradation.

References

Advisory Timeline

Published Dec 07, 2013

Cryptographic Issues

CVE-2013-6386

Summary

CWE-310 - Cryptographic Issues

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS