Zend\Captcha\Word generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this vulnerability announcement, the selection was performed using PHP's internal array_rand() function. This function does not generate sufficient entropy because it relies on rand() rather than a cryptographically secure source such as openssl_pseudo_random_bytes(). This could potentially lead to information disclosure should an attacker be able to brute force the random number generation. This release contains a patch that replaces the array_rand() calls with Zend\Math\Rand::getInteger(), which provides a better random number generator.
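As an added illustration (not Zend Framework's own code), the following standalone PHP class builds a CAPTCHA word both ways: the weak form selects indices with array_rand(), while the fixed form draws each index from PHP's CSPRNG-backed random_int(), which stands in here for the Zend\Math\Rand::getInteger() call used in the patch. The class name, alphabet and word length are assumptions for the example.

```php
<?php
declare(strict_types=1);

// Added example, not Zend\Captcha\Word itself. Alphabet and length are
// constructed values chosen for illustration.
final class CaptchaWord
{
    private const ALPHABET = 'abcdefghjkmnpqrstuvwxyz23456789';

    // Weak selection: array_rand() picks its index with PHP's
    // non-cryptographic generator, so an attacker who observes enough
    // challenges may be able to predict future words.
    public static function weakWord(int $length = 8): string
    {
        $chars = str_split(self::ALPHABET);
        $word  = '';
        for ($i = 0; $i < $length; $i++) {
            $word .= $chars[array_rand($chars)];
        }
        return $word;
    }

    // Fixed selection: every index comes from random_int(), which reads from
    // the OS CSPRNG, so each letter is independent and unpredictable.
    public static function strongWord(int $length = 8): string
    {
        $max  = strlen(self::ALPHABET) - 1;
        $word = '';
        for ($i = 0; $i < $length; $i++) {
            $word .= self::ALPHABET[random_int(0, $max)];
        }
        return $word;
    }

    // Sanity check a generated word: correct length and only alphabet chars.
    public static function isWellFormed(string $word, int $length = 8): bool
    {
        return strlen($word) === $length
            && strspn($word, self::ALPHABET) === strlen($word);
    }
}

$weak   = CaptchaWord::weakWord();
$strong = CaptchaWord::strongWord();
printf("weak:   %s (%s)\n", $weak, CaptchaWord::isWellFormed($weak) ? 'ok' : 'bad');
printf("strong: %s (%s)\n", $strong, CaptchaWord::isWellFormed($strong) ? 'ok' : 'bad');
```

Both variants produce well-formed words; the difference is only in the predictability of the index stream, which is exactly what the patch addresses.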
Zend\Crypt\PublicKey\Rsa\PublicKey has a call to openssl_public_encrypt() which used PHP's default $padding argument, OPENSSL_PKCS1_PADDING, indicating usage of PKCS#1 v1.5 padding. This padding has a known vulnerability, Bleichenbacher's chosen-ciphertext attack, which can be used to recover an RSA private key. This release contains a patch that changes the padding argument to use
Users upgrading to this version may have issues decrypting previously stored values, due to the change in padding. If this occurs, you can pass OPENSSL_PKCS1_PADDING to the new $padding argument in decrypt() (though typically this should only apply to the latter):

$decrypted = $rsa->decrypt($data, $key, $mode, OPENSSL_PKCS1_PADDING);
$rsa is an instance of
$mode argument defaults are
Zend\Crypt\PublicKey\Rsa::MODE_AUTO, if you were not using them previously.)
We recommend re-encrypting any such values using the new defaults.