| |
Vulnerability CVE-2014-5386
Published: 2014-12-28
| Description: |
The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initialization vector. |
Type:
CWE-310 (Cryptographic Issues)
CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
5/10 |
2.9/10 |
10/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
None |
Partial |
None |
References: |
https://github.com/facebook/hhvm/commit/ab6fdeb84fb090b48606b6f7933028cfe7bf3a5e
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
