Thursday, 17 May 2007
PHP SOAP Extension HTTP Authentication Weakness
Stefan Esser has reported a weakness in PHP, which can be exploited by malicious people to bypass certain security restrictions.
The weakness is caused by the use of an uninitialized variable within the function 'make_http_soap_request()' of the SOAP extension when calling 'php_rand_r()' to generate the nonce for the digest authentication, which may result in a weak and predictable nonce.
This problem is fixed in the Concurrent Versions System (CVS) repository.
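
The following is an added illustration of this class of flaw, not the PHP source or the fix committed to CVS. It shows why a nonce derived from a rand_r()-style generator with an unset seed is predictable, next to a nonce taken from the OS random source. The names toy_rand_r, weak_nonce, strong_nonce and weak_nonce_repeats are hypothetical, and reading /dev/urandom is an assumed remedy.

```c
#include <stdio.h>
#include <string.h>
/* Stand-in for a rand_r()-style generator (constructed; not PHP's php_rand_r).
 * Its whole output sequence is a pure function of *seed. */
static unsigned int toy_rand_r(unsigned int *seed)
{
    *seed = *seed * 1103515245u + 12345u;
    return (*seed / 65536u) % 32768u;
}

/* Weak pattern: the nonce depends only on a seed the caller never set.
 * Uninitialized reads are undefined in C, so the leftover value is a parameter. */
static void weak_nonce(unsigned int leftover, char out[9])
{
    unsigned int seed = leftover;
    snprintf(out, 9, "%08x", toy_rand_r(&seed));
}

/* Hardened pattern: 16 bytes from the OS CSPRNG, hex-encoded. 0 on success. */
static int strong_nonce(char out[33])
{
    unsigned char buf[16];
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t got = fread(buf, 1, sizeof buf, f);
    fclose(f);
    if (got != sizeof buf) return -1;  /* fail closed, no weak fallback */
    for (size_t i = 0; i < sizeof buf; i++)
        snprintf(out + 2 * i, 3, "%02x", buf[i]);
    return 0;
}

/* 1 if two requests starting from the same leftover value get the same nonce. */
static int weak_nonce_repeats(unsigned int leftover)
{
    char a[9], b[9];
    weak_nonce(leftover, a);
    weak_nonce(leftover, b);
    return strcmp(a, b) == 0;
}

int main(void)
{
    char w[9], s[33];
    weak_nonce(1u, w);
    if (strong_nonce(s) != 0) return 1;
    printf("weak(1)=%s repeats=%d strong=%s\n", w, weak_nonce_repeats(1u), s);
    return 0;
}
```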