Strix
26.1K

CVE-2016-6485

UnknownEPSS 0.85%

Last modified

CVE-2016-6485 is a vulnerability of currently unknown severity. The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value.. EPSS estimates a 0.85% chance of exploitation in the next 30 days.

Description

The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value.

Metrics

EPSS Probability
0.85%

53.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
MagentoMagento2All versions

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2016-6485?
The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value.
How severe is CVE-2016-6485?
Severity scoring for CVE-2016-6485 is pending analysis. The EPSS model estimates a 0.85% probability of exploitation in the next 30 days.
How do I fix CVE-2016-6485?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-6485?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST