| Description | libraries/session.inc.php in phpMyAdmin 4.0.x before 18.104.22.168, 4.4.x before 22.214.171.124, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more) |
| References | DLA-406-1, DLA-481-1, DSA-3627-1 |
| NVD severity | medium (attack range: remote) |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source package | Release | Version | Status |
| phpmyadmin (PTS) | jessie (security), jessie | 4:4.2.12-2+deb8u2 | fixed |
The information below is based on the following data on fixed versions.
The squeeze patch was actually incorrect and probably not functional: libraries/phpseclib/Crypt/Random.php needs some engine (e.g. AES) to work.
https://github.com/phpmyadmin/phpmyadmin/commit/6fe54dfa000dd6f43f237e859781fad7111ac1bd is not sufficient: one needs 29b297f to import more bits from phpseclib, or simply import all of phpseclib.
Such a fix needs to avoid introducing a new vulnerability as well; upstream introduced CVE-2016-2042 as part of this.