In the above screenshot we see the filename and method to change.
Fix
Using the below solution:
To generate secure random numbers in PHP, I'll be using the random_int() function or the random_bytes() function, which are specifically designed for cryptographic purposes and provide a higher level of randomness.
To generate a random number within a specified range:
$randomNumber = random_int($min, $max);
To generate random bytes for cryptographic purposes:
$randomBytes = random_bytes($length);
Not all usage of rand() actually requires a CSPRNG... your list contains mostly false positives.
At first glance, only usages around ADOdb sessions (crypt.inc.php, adodb-session*.php) are potentially problematic.
This code is very old and shows its age... An in-depth refactoring would be needed, replacing rand() by random_int() would only scratch the surface and be kind of pointless, considering we have code performing md5 / sha1 "encryption", or relying on mcrypt (removed in PHP 7.2).
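The distinction drawn in this thread, between values that need a CSPRNG and values that do not, shown as an added example that is not from the issue author or the ADOdb code base. All function names below are hypothetical and chosen only for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; none of these names exist in ADOdb.

// Insecure "before": rand() output is predictable, so it must not produce
// session identifiers, keys or any value an attacker benefits from guessing.
function weakSessionToken(int $length = 32): string
{
    $alphabet = '0123456789abcdef';
    $token = '';
    for ($i = 0; $i < $length; $i++) {
        $token .= $alphabet[rand(0, strlen($alphabet) - 1)];
    }
    return $token;
}

// Hardened "after": random_bytes() reads from the operating system CSPRNG.
// It throws when no secure source is available; let that propagate (fail
// closed) rather than catching it and falling back to rand().
function secureSessionToken(int $bytes = 16): string
{
    if ($bytes < 16) {
        throw new InvalidArgumentException('use at least 128 bits of entropy');
    }
    return bin2hex(random_bytes($bytes)); // two hex characters per byte
}

// random_int() returns an unbiased integer in [$min, $max], here used for
// a fixed-width one-time numeric code.
function secureNumericCode(int $digits = 6): string
{
    if ($digits < 1 || $digits > 18) {
        throw new InvalidArgumentException('digits must be between 1 and 18');
    }
    return str_pad((string) random_int(0, (10 ** $digits) - 1), $digits, '0', STR_PAD_LEFT);
}

// Not security-sensitive: retry jitter only spreads load, so rand() is
// acceptable here and a scanner hit on this line is a false positive.
function retryDelayMs(int $attempt): int
{
    return min(1000 * $attempt, 10000) + rand(0, 250);
}

echo secureSessionToken(), PHP_EOL;
echo secureNumericCode(), PHP_EOL;
echo retryDelayMs(2), PHP_EOL;
```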
dregad changed the title from "PHP-Insecure Random (PEN test vulnerability)" to "Insecure Random number generation" on Jan 16, 2024
Description
We found a vulnerability in PEN test results.
Environment
Error found in below files and Method to Change.