🟠 Severity: HIGH (CVSS 7.5)

The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value.

Published: 2017-03-01
Last Modified: 2026-05-13 ⚠️
