Wind River Support Network

HomeDefectsLIN8-5366
Fixed

LIN8-5366 : Security Advisory - phpmyadmin - CVE-2016-9847

Created: Dec 15, 2016    Updated: Dec 3, 2018
Resolved Date: Dec 21, 2016
Found In Version: 8.0.0.11
Fix Version: 8.0.0.13
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace

Description

An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's blowfish_secret and potentially decrypt their cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9847

Other Downloads


CVEs


Live chat
Online