Use random_bytes() instead of uniqid/md5 in Common::generateUniqId() for improved security #13357

@mattab

Replace Common::generateUniqId()'s use of md5 & uniqid w/ random_bytes() (there are polyfills for PHP 5.*, e.g., https://github.com/symfony/polyfill). Would prevent attackers from being able to guess what new token auths would be.

Noted in #12208
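
The change requested above, sketched as an added example that is not part of the original issue and is not Matomo's code. The function names are hypothetical, and the legacy body assumes only the md5-over-uniqid pattern the issue names.

```php
<?php
// Added example: function names are hypothetical, not Matomo's API.

// Legacy pattern named in the issue: md5 over uniqid().
// uniqid() is derived from the current time, so hashing it adds no secrecy:
// the md5 input comes from a small, time-bounded set of values.
function legacyUniqId(): string
{
    return md5(uniqid());
}

// A bare uniqid() value is 8 hex digits of Unix seconds followed by
// 5 hex digits of microseconds. Decoding it shows there is no secret in it.
function decodeUniqid(string $id): array
{
    return [
        'seconds'      => (int) hexdec(substr($id, 0, 8)),
        'microseconds' => (int) hexdec(substr($id, 8, 5)),
    ];
}

// Replacement: 16 bytes (128 bits) from the OS CSPRNG, hex-encoded.
// The result is 32 lowercase hex characters, the same shape as an md5
// digest, so column widths and format checks written for the old value
// keep working. random_bytes() throws if no secure source is available;
// let that propagate instead of falling back to a weaker generator.
function secureUniqId(): string
{
    return bin2hex(random_bytes(16));
}

$raw   = uniqid();
$parts = decodeUniqid($raw);

printf("uniqid()     : %s\n", $raw);
printf("decoded time : %s.%06d UTC\n",
    gmdate('Y-m-d H:i:s', $parts['seconds']), $parts['microseconds']);
printf("legacy id    : %s\n", legacyUniqId());
printf("random_bytes : %s\n", secureUniqId());
```

On PHP 5.*, random_bytes() comes from a polyfill such as the one linked in the issue.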

Labels

c: Security (For issues that make Matomo more secure. Please report issues through HackerOne and not in GitHub.)
