Use random_bytes() instead of uniqid/md5 in Common::generateUniqId() for improved security #13357
Labels
c: Security
For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.
Replace Common::generateUniqId()'s use of md5 & uniqid w/ random_bytes() (there are polyfills for PHP 5.*, e.g., https://github.com/symfony/polyfill). Would prevent attackers from being able to guess what new token auths would be.
Noted in #12208
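
The change requested above, as an added example that is not part of the original issue and is not Matomo's code: it shows that a `uniqid()` value is just the system clock in hex, so hashing it with md5 adds no entropy, next to a `random_bytes()` replacement. The function names `weakUniqId`, `decodeUniqid` and `strongUniqId` are hypothetical, and PHP 7+ (or a `random_bytes()` polyfill) is assumed.

```php
<?php
// Added example; function names are hypothetical, not Matomo's code.

// Weak pattern: the identifier is an md5 hash of a clock-derived value.
// md5 hides the input's shape but adds no entropy to it.
function weakUniqId(): string
{
    return md5(uniqid());
}

// uniqid() with no prefix returns 13 hex characters:
// 8 for the Unix time in seconds, 5 for the microseconds.
function decodeUniqid(string $id): array
{
    return [
        'sec'  => hexdec(substr($id, 0, 8)),
        'usec' => hexdec(substr($id, 8, 5)),
    ];
}

// Hardened pattern: 16 bytes from the OS CSPRNG, hex-encoded to 32
// characters, the same length as an md5 hex digest, so columns and
// validators that expect that format keep working.
function strongUniqId(): string
{
    return bin2hex(random_bytes(16));
}

// Show that the uniqid() output is recoverable as a timestamp.
$before  = microtime(true);
$raw     = uniqid();
$after   = microtime(true);
$t       = decodeUniqid($raw);
$decoded = $t['sec'] + $t['usec'] / 1e6;

printf("uniqid()     : %s\n", $raw);
printf("decoded time : %.6f (call ran between %.6f and %.6f)\n",
    $decoded, $before, $after);
printf("weak id      : %s\n", weakUniqId());
printf("strong id    : %s\n", strongUniqId());
```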