News Feed

News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way
PHP SOAP Extension HTTP Authentication Weak Nonce
May 16, 2007 @ 09:31:00

Secunia has a new advisory posted concerning an issue discovered with PHP's SOAP extension's HTTP authentication mechanism:

The weakness is caused due to the use of an uninitialized variable within the function "make_http_soap_request()" of the SOAP extension when calling "php_rand_r()" to generate the nonce for the digest authentication, which may result in a weak and predictable nonce.

The issue is marked as "less critical" but should still be taken into consideration. The issue has been corrected in the latest CVS commit.

1 comment voice your opinion now!
soap extension weak nonce phprandr cvs commit soap extension weak nonce phprandr cvs commit

blog comments powered by Disqus

Similar Posts

Luc de Brouwer's Blog: Never having to use $_GET or $_POST again

Zend Developer Zone: Mastering Joomla! 1.5

Community News: eZ Systems Releases eZ Publish Extension for Oracle Database (under GPL)

Derick Rethans' Blog: Available for PHP Extension Writing Manual restructure and license change

Community Events

Don't see your event here?
Let us know!

language release laravel project api series interview framework introduction code podcast application community wordpress library list configure threedevsandamaybe developer bugfix

All content copyright, 2014 :: - Powered by the Solar PHP Framework