CVE-2016-5100: Use of Insufficiently Random Values

February 13, 2017 (updated February 24, 2017)

Froxl uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value.

References

github.com/Froxlor/Froxlor/commit/da4ec3e1b591de96675817a009e26e05e848a6ba
nvd.nist.gov/vuln/detail/CVE-2016-5100

Code Behaviors & Features

Detect and mitigate CVE-2016-5100 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →