Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass intended restrictions via a brute force attack.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2013-12-07T21:00:00
Updated: 2024-08-06T17:39:01.161Z
Reserved: 2013-11-04T00:00:00
Link: CVE-2013-6386
Vulnrichment
No data.
NVD
Status : Modified
Published: 2013-12-07T21:55:10.077
Modified: 2014-01-14T04:28:58.720
Link: CVE-2013-6386
Redhat
No data.