Small Space of Random Values in francoisjacquet/rosariosis
Apr 26th 2022
The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks.
Vulnerable code snippet
$password = $staff['USERNAME'] . rand( 1000, 9999 );
An attacker can guess the password in at most 9000 tries.
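The weak pattern from the report beside a hardened alternative, as an added example that is not RosarioSIS code or the project's actual fix. `strong_password()` is a hypothetical helper, and the `jdoe` username is a constructed sample value.

```php
<?php
// Added example, not RosarioSIS code. $staff mirrors the array used in the
// report's snippet; its content here is a constructed sample value.

/** Pattern from the report: username plus a 4-digit number from rand(). */
function weak_password( array $staff ): string
{
    return $staff['USERNAME'] . rand( 1000, 9999 );
}

/**
 * Hardened alternative (hypothetical helper): $length characters drawn
 * uniformly from a 62-symbol alphabet with random_int(), which uses the
 * operating system's CSPRNG and throws if no secure source is available.
 */
function strong_password( int $length = 16 ): string
{
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
    $max      = strlen( $alphabet ) - 1;
    $password = '';

    for ( $i = 0; $i < $length; $i++ ) {
        $password .= $alphabet[ random_int( 0, $max ) ];
    }

    return $password;
}

$staff = [ 'USERNAME' => 'jdoe' ]; // constructed sample value

// Search space when the username is known to the guesser.
$weak_space  = 9999 - 1000 + 1;           // every value rand( 1000, 9999 ) can return
$weak_bits   = log( $weak_space, 2 );     // entropy of the 4-digit suffix
$strong_bits = 16 * log( 62, 2 );         // entropy of 16 symbols from 62

printf( "weak:   %s (%d candidates, %.1f bits)\n", weak_password( $staff ), $weak_space, $weak_bits );
printf( "strong: %s (%.1f bits)\n", strong_password(), $strong_bits );
```

Independent of how the password is generated, rate limiting or lockout on failed logins bounds how many of those candidates can be tried.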