FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- Unsafe generation of XSRF/CSRF token

Affected packages
4.5.0 <= phpmyadmin < 4.5.4

Details

VuXML ID 60ab0e93-c60b-11e5-bf36-6805ca0b3d42
Discovery 2016-01-28
Entry 2016-01-28

The phpMyAdmin development team reports:

The XSRF/CSRF token is generated with a weak algorithm using functions that do not return cryptographically secure values.

We consider this vulnerability to be non-critical.
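
The report does not name the functions involved, so the weak variant below is an assumed illustration (mt_rand() and uniqid()) shown beside a hardened form. This is an added example, not phpMyAdmin's code or part of the advisory. All function names are hypothetical, and random_bytes() assumes PHP 7.0 or later.

```php
<?php
// Added example; function names are hypothetical, not phpMyAdmin's code.

// Weak pattern (assumed for illustration): mt_rand() and uniqid() are not
// cryptographically secure. Hashing their output with md5() does not add
// entropy; the token is still derived from PRNG state and the clock.
function weak_csrf_token(): string
{
    return md5(uniqid((string) mt_rand(), true));
}

// Hardened form: 32 bytes from the operating system CSPRNG (PHP >= 7.0).
// random_bytes() throws if no secure source is available; let that
// propagate instead of falling back to a weaker generator.
function secure_csrf_token(): string
{
    return bin2hex(random_bytes(32));
}

// Issue one token per session and keep the reference copy server-side.
function csrf_token_for_session(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = secure_csrf_token();
    }
    return $session['csrf_token'];
}

// Verify with hash_equals() so comparison time does not depend on how
// many leading characters match. Missing or non-string input is rejected.
function csrf_token_is_valid(array $session, $submitted): bool
{
    return is_string($submitted)
        && !empty($session['csrf_token'])
        && hash_equals($session['csrf_token'], $submitted);
}

// Constructed demo: a plain array stands in for $_SESSION.
$session = [];
$token = csrf_token_for_session($session);
var_dump(strlen($token));                           // hex length of 32 bytes
var_dump(csrf_token_is_valid($session, $token));    // token issued above
var_dump(csrf_token_is_valid($session, 'forged'));  // wrong value
var_dump(csrf_token_is_valid($session, null));      // field absent
```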

References

CVE Name CVE-2016-2039
URL https://www.phpmyadmin.net/security/PMASA-2016-2/