CVE-2010-1128

The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function.

We have discovered 178,622 live websites that are affected by CVE-2010-1128.

Test my site



Affected Software

Product  PHP
Category Programming Languages
Vulnerable Domains178,622 live websites (2.05% of PHP install base)
Vulnerable Versions
  • from 0 before 5.2.13
Vulnerable Versions Count78 versions ( 14.26% of all versions)



Details

  • Published - Mar 27, 2010
  • Updated - Aug 7, 2024

CVE-2010-1128 usage by Country

United States13,377 websites


Taiwan96,895 websites
Germany12,852 websites
France7,400 websites
Japan7,134 websites
Korea, South5,391 websites
Russia4,098 websites
Hungary3,621 websites
Italy3,218 websites

CVE-2010-1128 usage by TLD

.com104,469 websites
.de10,923 websites
.info8,308 websites
.net5,384 websites
.ru3,585 websites
.org3,094 websites
.jp2,255 websites
.fr2,191 websites
.cz2,050 websites
.it1,831 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2010-1128

Top websites that are affected by CVE-2010-1128. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
**********.com United States***
**********.us United States*,***
*****.***.tw Taiwan*,***
**********.*****.de Germany*,***
***.**********.us United States*,***
***********.jp Japan**,***
****.info France**,***
*****.jp Japan**,***
******.com Taiwan**,***
*********.com United States**,***
See full domain list

FAQ

A total of 178,622 websites have been identified as vulnerable to CVE-2010-1128, discovered through global website indexing conducted by WebTechSurvey.
PHP is susceptible to CVE-2010-1128 vulnerability.
PHP versions before 5.2.13 are vulnerable to CVE-2010-1128.
Version 5.2.13 of PHP addresses the CVE-2010-1128 security vulnerability.