CSRF tokens are not cryptographically secure

A place for security related announcements and discussions - please check this forum frequently!
cmb
Posts: 12029
Joined: Tue Jun 21, 2011 11:04 am
Location: Mü-Sa, RLP, DE
Contact:

CSRF tokens are not cryptographically secure

Postby cmb » Tue Oct 17, 2017 3:20 pm

Hi!

It has been noticed that the CSRF tokens generated by CMSimple_XH are not cryptographically secure, and as such do not really fulfill their purpose. This issue has been fixed in CMSimple_XH 1.7.1, so it's best to update to this version. If you're still stuck with CMSimple_XH 1.6 for whatever reason, it is recommended that you apply the patch yourself. However, note that this will only work if you use at least PHP 7.0.0! Unfortunately, there is no easy fix for CMSimple_XH 1.6/PHP 5!
Christoph M. Becker –Plugins for CMSimple_XH, but not for CMSimple 4+

Return to “Security”

Who is online

Users browsing this forum: No registered users and 1 guest