The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-03-01T20:00:00

Updated: 2024-08-06T01:29:20.240Z

Reserved: 2016-07-27T00:00:00

Link: CVE-2016-6485

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-03-01T20:59:00.220

Modified: 2024-11-21T02:56:12.790

Link: CVE-2016-6485

cve-icon Redhat

No data.