News Feed
Jobs Feed
Sections




News Archive
feed this:

Secunia.com:
PHP SOAP Extension HTTP Authentication Weak Nonce
by Chris Cornutt May 16, 2007 @ 09:31:00

Secunia has a new advisory posted concerning an issue discovered with PHP's SOAP extension's HTTP authentication mechanism:

The weakness is caused due to the use of an uninitialized variable within the function "make_http_soap_request()" of the SOAP extension when calling "php_rand_r()" to generate the nonce for the digest authentication, which may result in a weak and predictable nonce.

The issue is marked as "less critical" but should still be taken into consideration. The issue has been corrected in the latest CVS commit.

1 comment voice your opinion now!
soap extension weak nonce phprandr cvs commit soap extension weak nonce phprandr cvs commit



Community Events









Don't see your event here?
Let us know!

interview framework functional testing composer api development example unittest introduction event object opinion community phpunit language zendframework2 code database release

All content copyright, 2013 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework