The createRandomPassword function in includes/functions_common.php in Virtual War (aka VWar) 1.6.1 R2 uses a small range of values to select the seed argument for the PHP mt_srand function, which makes it easier for remote malicious users to determine randomly generated passwords via a brute-force attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vwar virtual war 1.6.1 |