The weakness is caused due to the use of an uninitialized variable within the function "make_http_soap_request()" of the SOAP extension when calling "php_rand_r()" to generate the nonce for the digest authentication, which may result in a weak and predictable nonce.

The issue is marked as "less critical" but should still be taken into consideration. The issue has been corrected in the latest CVS commit.