News Feed
Jobs Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Secunia.com:
PHP SOAP Extension HTTP Authentication Weak Nonce
May 16, 2007 @ 09:31:00

Secunia has a new advisory posted concerning an issue discovered with PHP's SOAP extension's HTTP authentication mechanism:

The weakness is caused due to the use of an uninitialized variable within the function "make_http_soap_request()" of the SOAP extension when calling "php_rand_r()" to generate the nonce for the digest authentication, which may result in a weak and predictable nonce.

The issue is marked as "less critical" but should still be taken into consideration. The issue has been corrected in the latest CVS commit.

1 comment voice your opinion now!
soap extension weak nonce phprandr cvs commit soap extension weak nonce phprandr cvs commit


blog comments powered by Disqus

Similar Posts

DZone.com: All the ways to perform HTTP requests in PHP

Christian Stocker's Blog: Upload Progress Meter extension 0.9.2 released

Christopher Jones' Blog: PHP OCI8 Extension 1.2.4 is in PECL

Chris Hartjes' Blog: How Easy Are Web Services in CakePHP 1.2? Really Easy!

Christopher Jones' Blog: Configuring and Running PHP's OCI8 tests


Community Events











Don't see your event here?
Let us know!


unittest symfony2 framework code install introduction language package application podcast component overview composer security release hhvm series opinion hack facebook

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework