CVE-2008-4102
Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681.
We have discovered 195,641 live websites that are affected by CVE-2008-4102.
Affected Software
| Product |  Joomla |
| Category | Content Management System |
| Vulnerable Domains | 195,641 live websites (95% of Joomla install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 1 versions ( 0.97% of all versions) |
Details
- Published - Sep 19, 2008
- Updated - Aug 7, 2024
CVE References
Website Distribution by Country
Number of websites using CVE-2008-4102 United States | 14,486 websites |
 Italy | 51,181 websites |
 Russia | 13,611 websites |
 GB | 12,086 websites |
 Poland | 11,933 websites |
 Germany | 10,934 websites |
 Netherlands | 8,337 websites |
 Australia | 6,542 websites |
 South Africa | 6,336 websites |
 France | 4,738 websites |
Website Distribution by TLD
Number of websites using CVE-2008-4102| .com | 48,426 websites |
| .it | 33,475 websites |
| .ru | 11,465 websites |
| .pl | 8,465 websites |
| .org | 6,193 websites |
| .co.uk | 5,791 websites |
| .nl | 5,728 websites |
| .de | 5,403 websites |
| .com.au | 4,672 websites |
| .net | 4,423 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2008-4102
Top websites that are affected by CVE-2008-4102. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****************.de | Germany | *,*** | |
| *******.**.ca |  Canada | *,*** | |
| ***********.**.za | South Africa | **,*** | |
| **************.se |  Sweden | **,*** | |
| ***************.com | Italy | **,*** | |
| *********.com | GB | **,*** | |
| *****.**.uk | GB | **,*** | |
| ************.com | Germany | **,*** | |
| *********************.com | United States | **,*** | |
| ****.pl | Poland | **,*** |
References
- http://marc.info/?l=oss-security&m=122152798516853&w=2
- http://securityreason.com/securityalert/4271
- http://www.securityfocus.com/archive/1/496237/100/0/threaded
- http://secunia.com/advisories/31789
- http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45068
- http://marc.info/?l=oss-security&m=122115344915232&w=2
- http://marc.info/?l=oss-security&m=122118210029084&w=2
- http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html
- http://www.sektioneins.de/advisories/SE-2008-04.txt