- CVEs with nessus.description==Several flaws were discovered in the CSRF authentication code of phpMyAdmin.
CVE-2016-2039
The XSRF/CSRF token is generated with a weak algorithm using functions that do not return cryptographically secure values.
CVE-2016-2041
The comparison of the XSRF/CSRF token parameter with the value saved in the session is vulnerable to timing attacks. Moreover, the comparison could be bypassed if the XSRF/CSRF token matches a particular pattern.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
| Max CVSS | 0 |
| Min CVSS | 0 |
| Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |