PHPDeveloper.org: Secunia.com: PHP SOAP Extension HTTP Authentication Weak Nonce

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

News Archive

Community News: Latest Releases from PHPClasses.org

PHPMaster.com: Data Structures for PHP Devs: Stacks and Queues

Alessandro Nadalin: Integrating Twig in Your Legacy PHP Code

Fabien Potencier: Packing a Symfony full-stack Framework Application in one File - Bootstrapping

Community News: Packagist Latest Releases for 06.18.2013

Community News: Latest PECL Releases for 06.18.2013

Sameer Borate: Simple user authentication in Laravel 4

php|architect: Re: Branding php[architect]

/Dev/Hell Podcast: Episode 33: Pol Pot-level Sucks

MaltBlue.com: Using ZFTool for Basic Project Management

Secunia.com:
PHP SOAP Extension HTTP Authentication Weak Nonce

by Chris Cornutt May 16, 2007 @ 09:31:00

Secunia has a new advisory posted concerning an issue discovered with PHP's SOAP extension's HTTP authentication mechanism:

The weakness is caused due to the use of an uninitialized variable within the function "make_http_soap_request()" of the SOAP extension when calling "php_rand_r()" to generate the nonce for the digest authentication, which may result in a weak and predictable nonce.

The issue is marked as "less critical" but should still be taken into consideration. The issue has been corrected in the latest CVS commit.

1 comment voice your opinion now!
soap extension weak nonce phprandr cvs commit soap extension weak nonce phprandr cvs commit

blog comments powered by Disqus

Similar Posts

Christopher Jones' Blog: It's feature freeze time for PHP 5.3

Rasmus Lerdorf's Blog: ZeroMQ + libevent in PHP

Rob Richards Blog: New XML Features and WSSE and ext/soap

Terry Chay's Blog: Clever HTTP

Perplexed Labs Blog: PHP Forking to Concurrency with pcntl_fork()

Community Events

Don't see your event here?
Let us know!

All content copyright, 2013 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework