CVE-2010-1128
PHP < 5.2.13 - Insufficient Entropy in Linear Congruential Generator
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2010-1128. PoCs published by Rasmus.
AI-analyzed exploit summary This entry describes a vulnerability in PHP's LCG entropy mechanism affecting versions prior to 5.2.13, which could allow attackers to steal sessions or sensitive data. However, the provided content lacks actual exploit code or technical details.
Description
The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function.
Exploits (1)
This entry describes a vulnerability in PHP's LCG entropy mechanism affecting versions prior to 5.2.13, which could allow attackers to steal sessions or sensitive data. However, the provided content lacks actual exploit code or technical details.