CVE-2016-6485

The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
VendorProductVersion
magentomagento2
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2016/07/19/3
http://www.openwall.com/lists/oss-security/2016/07/27/14
https://github.com/magento/magento2/pull/15017
http://www.openwall.com/lists/oss-security/2016/07/19/3
http://www.openwall.com/lists/oss-security/2016/07/27/14
https://github.com/magento/magento2/pull/15017