FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- Insecure password generation in JavaScript

Affected packages
4.5.0 <= phpmyadmin < 4.5.4

Details

VuXML ID 6f0c2d1b-c60b-11e5-bf36-6805ca0b3d42
Discovery 2016-01-28
Entry 2016-01-28

The phpMyAdmin development team reports:

Password suggestion functionality uses Math.random() which does not provide cryptographically secure random numbers.

We consider this vulnerability to be non-critical.

References

CVE Name CVE-2016-1927
URL https://www.phpmyadmin.net/security/PMASA-2016-4/