Drupal core directly used the mt_rand() pseudorandom number generator for generating security related strings used in several core modules. It was found that brute force tools could determine the seeds making these strings predictable under certain circumstances.

Part of security release SA-CORE-2013-003

This vulnerability affects the following application versions:

  • Drupal 6.0
  • Drupal 6.1
  • Drupal 6.2
  • Drupal 6.3
  • Drupal 6.4
  • Drupal 6.5
  • Drupal 6.6
  • Drupal 6.7
  • Drupal 6.8
  • Drupal 6.9
  • Drupal 6.10
  • Drupal 6.11
  • Drupal 6.12
  • Drupal 6.13
  • Drupal 6.14
  • Drupal 6.15
  • Drupal 6.16
  • Drupal 6.17
  • Drupal 6.18
  • Drupal 6.19
  • Drupal 6.20
  • Drupal 6.21
  • Drupal 6.22
  • Drupal 6.23
  • Drupal 6.24
  • Drupal 6.25
  • Drupal 6.26
  • Drupal 6.27
  • Drupal 6.28
  • Drupal 7.0
  • Drupal 7.1
  • Drupal 7.2
  • Drupal 7.3
  • Drupal 7.4
  • Drupal 7.5
  • Drupal 7.6
  • Drupal 7.7
  • Drupal 7.8
  • Drupal 7.9
  • Drupal 7.10
  • Drupal 7.11
  • Drupal 7.12
  • Drupal 7.13
  • Drupal 7.14
  • Drupal 7.15
  • Drupal 7.16
  • Drupal 7.17
  • Drupal 7.18
  • Drupal 7.19
  • Drupal 7.20
  • Drupal 7.21
  • Drupal 7.22
  • Drupal 7.23

Skriv et svar

Din e-mailadresse vil ikke blive publiceret. Krævede felter er markeret med *