@mattab opened this Issue on August 28th 2018 Member

Replace Common::generateUniqId()'s use of md5 & uniqid w/ random_bytes() (there are polyfills for PHP 5.*, e.g., https://github.com/symfony/polyfill). Would prevent attackers from being able to guess what new token auths would be.

Noted in https://github.com/matomo-org/matomo/pull/12208

@sgiehl commented on February 17th 2020 Member

already fixed with #13357

This Issue was closed on February 17th 2020
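
The weakness raised in this issue, as an added example that is not code from the Matomo repository or from any participant in the thread: a default `uniqid()` value is only the current time in hex, and `md5()` over it adds no entropy, whereas `random_bytes()` draws from the OS CSPRNG. The function names `decodeUniqid`, `legacyStyleId` and `randomId` are hypothetical, and the exact body of `Common::generateUniqId()` is not shown on this page, so `legacyStyleId` is an assumed shape of the "md5 & uniqid" pattern.

```php
<?php
// Added illustration; all function names here are hypothetical.

/** Assumed shape of the "md5 & uniqid" pattern named in the issue. */
function legacyStyleId(string $uniq): string
{
    return md5($uniq); // deterministic: same input, same output
}

/** Split a default uniqid() value into its two time fields
 *  (8 hex digits of seconds, then 5 hex digits of microseconds). */
function decodeUniqid(string $id): array
{
    return [
        'sec'  => hexdec(substr($id, 0, 8)),
        'usec' => hexdec(substr($id, 8, 5)),
    ];
}

/** Replacement: hex-encode bytes from the OS CSPRNG.
 *  random_bytes() throws if no secure source is available. */
function randomId(int $bytes = 16): string
{
    return bin2hex(random_bytes($bytes));
}

$before = microtime(true);
$uniq   = uniqid();                 // no prefix, no extra entropy
$after  = microtime(true);
$fields = decodeUniqid($uniq);
$stamp  = $fields['sec'] + $fields['usec'] / 1e6;

// The value is nothing more than the wall clock at the moment of the call.
printf("uniqid()        : %s\n", $uniq);
printf("decoded time    : %.6f (call window %.6f .. %.6f)\n", $stamp, $before, $after);

// Hashing does not help: the digest can be rebuilt from the time alone.
$rebuilt = sprintf('%08x%05x', $fields['sec'], $fields['usec']);
printf("md5 reproducible: %s\n",
    legacyStyleId($uniq) === legacyStyleId($rebuilt) ? 'yes' : 'no');

// 16 bytes = 128 bits that do not depend on time or process state.
printf("random_bytes id : %s\n", randomId());
```

When reviewing similar code, the check is whether every input to the hash is something an outsider can observe or estimate; if so, the output length of the hash says nothing about how hard the token is to guess.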