CSRF tokens are not cryptographically secure

A place for security related announcements and discussions - please check this forum frequently!
Post Reply
Posts: 12718
Joined: Tue Jun 21, 2011 11:04 am
Location: Mü-Sa, RLP, DE

CSRF tokens are not cryptographically secure

Post by cmb » Tue Oct 17, 2017 3:20 pm


It has been noticed that the CSRF tokens generated by CMSimple_XH are not cryptographically secure, and as such do not really fulfill their purpose. This issue has been fixed in CMSimple_XH 1.7.1, so it's best to update to this version. If you're still stuck with CMSimple_XH 1.6 for whatever reason, it is recommended that you apply the patch yourself. However, note that this will only work if you use at least PHP 7.0.0! Unfortunately, there is no easy fix for CMSimple_XH 1.6/PHP 5!
Christoph M. Becker –Plugins for CMSimple_XH, but not for CMSimple 4+

Post Reply