You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Random number generators from PHP that are insecurely seeded (often with the current timestamp) are used throughout the CDash codebase. Using random numbers in this way often has security implications.
The use of random number generators can be improved using the same solution applied in pull request #147. This uses the PHP 7 native random number generation functions, and relies upon the paragonie/random_compat library to provide support in PHP 5.
ghost
mentioned this issue
Random number generators from PHP that are insecurely seeded (often with the current timestamp) are used throughout the CDash codebase. Using random numbers in this way often has security implications.
The use of random number generators can be improved using the same solution applied in pull request #147. This uses the PHP 7 native random number generation functions, and relies upon the paragonie/random_compat library to provide support in PHP 5.
./cdash/common.php: srand(make_seed_recoverpass());
./login.php:$stamp = md5(srand(5));
./login_functions.php: srand(make_seed_recoverpass());
./login_functions.php: srand(make_seed_recoverpass());
./manageProjectRoles.php: srand(make_seed_recoverpass());
./register.php: srand(microtime_float());
./cdash/do_submit.php: $filename = $CDASH_BACKUP_DIRECTORY."/".mt_rand().".xml";
The text was updated successfully, but these errors were encountered: