PEAR Text_Password Random Number Generator Seeding Weakness
Remote / Network Access
Loss of Integrity
PEAR Text_Password contains a flaw that may cause passwords and CAPTCHA sequences to be generated from a small random seed pool. This could cause the possible password space to be considerably smaller than intended. Additionally, this would allow attackers to easily brute force CAPTCHA sequences, bypassing the protection offered.
Upgrade to version 1.1.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
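
The effect of a small seed pool described above, shown as an added illustration in Python (not Text_Password's own code, which is PHP): a generator whose state comes entirely from a small seed can emit at most as many distinct passwords as there are seeds, whatever the password length. The 16-bit pool size, the alphabet and all function names are assumptions made for the example; the advisory does not give them.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_lowercase + string.digits  # 36 symbols (assumed alphabet)
SEED_BITS = 16  # constructed value; the advisory does not state the real pool size


def weak_password(seed, length=10):
    """Password from a PRNG whose entire state is derived from `seed`."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_password(length=10):
    """Hardened form: each character is drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def reachable_passwords(length=10, seed_bits=SEED_BITS):
    """Every password the seeded generator can ever produce."""
    return {weak_password(s, length) for s in range(2 ** seed_bits)}


def effective_bits(length=10, seed_bits=SEED_BITS):
    """Return (nominal, reachable) entropy in bits for the seeded generator."""
    nominal = length * math.log2(len(ALPHABET))
    reachable = math.log2(len(reachable_passwords(length, seed_bits)))
    return nominal, reachable


if __name__ == "__main__":
    nominal, reachable = effective_bits()
    print(f"nominal {nominal:.1f} bits, reachable {reachable:.1f} bits")
    print("CSPRNG sample:", strong_password())
```

The same measurement works as a regression check after upgrading: a generator that is seeded properly should not show a reachable set bounded by a small power of two.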