Vulnerabilities

CVE-2014-5386

by Fred · 28/12/2014

The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initialization vector.

Date published : 2014-12-28

https://github.com/facebook/hhvm/commit/ab6fdeb84fb090b48606b6f7933028cfe7bf3a5e

Similar

Tags: Cybersecurity Alert