logo

Database

Insecure generation of random numbers In phpmyadmin/phpmyadmin

Description

phpMyAdmin Cryptographic Vulnerability The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2016-19272. NVD-2016-19273. OSV-2016-19274. OSV-DEBIAN-2016-19275. GCVE-2016-19276. SECURITY-TRACKER-CVE-2016-1927

References

1. https://github.com/phpmyadmin/phpmyadmin/commit/2369daa7f5f550797f560e6b46a021e4558c2d722. https://github.com/phpmyadmin/phpmyadmin/commit/5530a72e162fab442218486a90ff3365c96fde983. https://github.com/phpmyadmin/phpmyadmin/commit/6a96e67487f2faecb4de4204fee9b96b940207204. https://github.com/phpmyadmin/phpmyadmin/commit/8b6737735be5787d0b98c6cdfe2c7e3131b1bc955. https://github.com/phpmyadmin/phpmyadmin/commit/8dedcc1a175eb07debd4fe116407c43694c60b226. https://github.com/phpmyadmin/phpmyadmin/commit/912856b432d794201884c36e5f390d446339b6e47. http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html8. http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html9. http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html10. http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html11. http://www.debian.org/security/2016/dsa-362712. http://www.phpmyadmin.net/home_page/security/PMASA-2016-4.php

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.