The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) prior to 3.3.0 does not seed the random number generator, which makes it easier for remote malicious users to defeat cryptographic protection mechanisms by leveraging the use of a single initialization vector.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
facebook hiphop virtual machine |