-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| magento/community-edition | composer | >= 2.2.0, < 2.2.10 | 2.2.10 |
| magento/community-edition | composer | >= 2.3.0, < 2.3.2-p1 | 2.3.2-p1 |
Miggo AIRoot Cause AnalysisThe vulnerability description explicitly states weak PRNG usage for confirmation codes. In PHP contexts, mt_rand() is a common weak generator. Magento's customer registration flow would generate confirmation codes in the Customer module. The AccountConfirmation model is a logical location for this functionality. The high confidence comes from: 1) Direct CWE-338 alignment with weak PRNG usage 2) PHP's mt_rand() being a known non-cryptographic function 3) The security bulletin reference to PRODSECBUG-2464 mentioning weak cryptographic functions 4) Standard Magento architecture patterns placing confirmation logic in Customer module models.
A Semantic Attack on Google Gemini - Read the Latest Research