PHP blunders with random numbers

Security expert Andreas Bogk warns that, despite recent PHP improvements, the session IDs of users who are logged into PHP applications remain guessable. Upon close examination, the alleged improvements display frightening weaknesses.

PHP assigns a session ID in order to allow individual page calls to be allocated to a specific logged-in user. To prevent attackers from using a forged session ID to take control of a session, the ID is supposedly chosen at random. When computers require random numbers, invariably a pseudorandom number generator (PRNG) such as a Linear Congruential Generator (LCG) is used.
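To illustrate why an LCG-derived ID is guessable, here is a short added example (not code from the article, not PHP's own generator): a toy ID generator that emits its raw LCG state, the one-line prediction that follows from that, and the cryptographically secure alternative. The LCG parameters and the seeds are assumed, illustrative values.

```python
# Added example, not from the article: why an LCG is unfit for session IDs.
# The LCG parameters are illustrative (assumed), not PHP's own, and the
# "session IDs" below are constructed values, not taken from any application.
import secrets

A, C, M = 1103515245, 12345, 2**31   # assumed illustrative LCG parameters


def lcg_next(state: int) -> int:
    """One LCG step: state_{n+1} = (A * state_n + C) mod M."""
    return (A * state + C) % M


def lcg_session_ids(seed: int, count: int) -> list:
    """Toy generator that, like a naive implementation, emits the raw LCG
    state as the session ID (8 hex digits because M = 2**31)."""
    ids, state = [], seed % M
    for _ in range(count):
        state = lcg_next(state)
        ids.append(format(state, "08x"))
    return ids


def predict_next_id(observed_id: str) -> str:
    """Because the emitted ID *is* the generator state, whoever holds one
    legitimately issued ID can compute the one issued next. This is the
    property that makes such IDs guessable; no secret is involved at all."""
    return format(lcg_next(int(observed_id, 16)), "08x")


def csprng_session_id(nbytes: int = 16) -> str:
    """The remedy: draw IDs from the OS cryptographically secure RNG, whose
    outputs reveal nothing about earlier or later outputs."""
    return secrets.token_hex(nbytes)


if __name__ == "__main__":
    first, second = lcg_session_ids(seed=42, count=2)
    print("issued:", first, "next issued:", second)
    print("predicted from first:", predict_next_id(first))
    print("CSPRNG id:", csprng_session_id())
```

Running the script shows the prediction matching the next issued ID exactly, which is the defect the article describes; the `secrets`-based ID has no such relationship between successive values.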

