High severity (7.5) · NVD Advisory · Published Feb 20, 2016 · Updated May 6, 2026
CVE-2016-1927
CVE-2016-1927
Description
The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| phpmyadmin/phpmyadmin (Packagist) | >= 4.0.0, < 4.0.10.13 | 4.0.10.13 |
| phpmyadmin/phpmyadmin (Packagist) | >= 4.4.0, < 4.4.15.3 | 4.4.15.3 |
| phpmyadmin/phpmyadmin (Packagist) | >= 4.5.0, < 4.5.4 | 4.5.4 |
Patches (6)
2369daa7f5f5 Use full alphabet to generate random passwords
1 file changed · +1 −1
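--- a/js/functions.js
+++ b/js/functions.js
@@ -77,7 +77,7 @@ function suggestPassword(passwd_form)
 // restrict the password to just letters and numbers to avoid problems:
 // "editors and viewers regard the password as multiple words and
 // things like double click no longer work"
-var pwchars = "abcdefhjmnpqrstuvwxyz23456789ABCDEFGHJKLMNPQRSTUVWYXZ";
+var pwchars = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWYXZ";
 var passwordlength = 16; // do we want that to be dynamic? no, keep it simple :)
 var passwd = passwd_form.generated_pw;
 var randomWords = new Int32Array(passwordlength);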
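Review bot: The new 62-character alphabet on the `+` line re-admits the look-alike glyphs (`0`/`O`, `1`/`l`/`I`) that the old 53-character set left out, yet the comment block above the line still only says the set is restricted to letters and numbers, so the reason for the trade-off is undocumented. The entropy gain is modest — about log2(62) ≈ 5.95 bits per character versus log2(53) ≈ 5.73, roughly 3.5 extra bits over the 16-character password — and the weakness named in the advisory is the Math.random() source, which this hunk does not touch (that is addressed by the separate "Use secure RNG if available" commits). I would add directly above `var pwchars`: `// Full alphanumeric set (62 chars) for maximum entropy per character; look-alike glyphs (0/O, 1/l/I) are deliberately included`. Also, the uppercase run ends `...UVWYXZ` (X and Y transposed) in both the old and new string; it is harmless but worth writing as `...UVWXYZ` so a reader can verify the set at a glance. The same hunk appears in the sections for 5530a72e162f and 912856b432d7, and suggestPassword's body continues beyond the hunk.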
5530a72e162f Use full alphabet to generate random passwords
1 file changed · +1 −1
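--- a/js/functions.js
+++ b/js/functions.js
@@ -215,7 +215,7 @@ function suggestPassword(passwd_form)
 // restrict the password to just letters and numbers to avoid problems:
 // "editors and viewers regard the password as multiple words and
 // things like double click no longer work"
-var pwchars = "abcdefhjmnpqrstuvwxyz23456789ABCDEFGHJKLMNPQRSTUVWYXZ";
+var pwchars = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWYXZ";
 var passwordlength = 16; // do we want that to be dynamic? no, keep it simple :)
 var passwd = passwd_form.generated_pw;
 var randomWords = new Int32Array(passwordlength);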
912856b432d7 Use full alphabet to generate random passwords
1 file changed · +1 −1
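--- a/js/functions.js
+++ b/js/functions.js
@@ -319,7 +319,7 @@ function suggestPassword(passwd_form)
 // restrict the password to just letters and numbers to avoid problems:
 // "editors and viewers regard the password as multiple words and
 // things like double click no longer work"
-var pwchars = "abcdefhjmnpqrstuvwxyz23456789ABCDEFGHJKLMNPQRSTUVWYXZ";
+var pwchars = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWYXZ";
 var passwordlength = 16; // do we want that to be dynamic? no, keep it simple :)
 var passwd = passwd_form.generated_pw;
 var randomWords = new Int32Array(passwordlength);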
6a96e67487f2 Use secure RNG if available
1 file changed · +19 −2
js/functions.js+19 −2 modified@@ -80,11 +80,28 @@ function suggestPassword(passwd_form) var pwchars = "abcdefhjmnpqrstuvwxyz23456789ABCDEFGHJKLMNPQRSTUVWYXZ"; var passwordlength = 16; // do we want that to be dynamic? no, keep it simple :) var passwd = passwd_form.generated_pw; + var randomWords = new Int32Array(passwordlength); + passwd.value = ''; - for (var i = 0; i < passwordlength; i++ ) { - passwd.value += pwchars.charAt( Math.floor( Math.random() * pwchars.length ) ); + // First we're going to try to use a built-in CSPRNG + if (window.crypto && window.crypto.getRandomValues) { + window.crypto.getRandomValues(randomWords); + } + // Because of course IE calls it msCrypto instead of being standard + else if (window.msCrypto && window.msCrypto.getRandomValues) { + window.msCrypto.getRandomValues(randomWords); + } else { + // Fallback to Math.random + for (var i = 0; i < passwordlength; i++) { + randomWords[i] = Math.floor(Math.random() * pwchars.length); + } } + + for (var i = 0; i < passwordlength; i++) { + passwd.value += pwchars.charAt(Math.abs(randomWords[i]) % pwchars.length); + } + passwd_form.text_pma_pw.value = passwd.value; passwd_form.text_pma_pw2.value = passwd.value; return true;
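Review bot: The `else` branch's Math.random fallback silently fills `randomWords` from a non-cryptographic generator — the exact weakness the advisory describes — and nothing in the hunk tells the user or the caller that the CSPRNG path was not taken. A defensive alternative is to have suggestPassword decline when neither `window.crypto.getRandomValues` nor `window.msCrypto.getRandomValues` exists (return false and leave the form fields untouched) or to surface a visible warning; at minimum the comment should be explicit, e.g. `// Fallback to Math.random: NOT cryptographically secure; reached only on browsers without getRandomValues`. Two smaller points: `randomWords` is an `Int32Array`, so `Math.abs(randomWords[i])` exists only because the array is signed — a `Uint32Array` removes the `Math.abs` and the sign-folding (which makes 0 and 2^31 half as likely as every other value; the resulting bias across 53 symbols is negligible but unnecessary); and `var i` is declared in both `for` loops, which linters flag as redeclaration. The same hunk appears in the sections for 8b6737735be5 and 8dedcc1a175e. suggestPassword starts before and ends after the hunk.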
8b6737735be5 Use secure RNG if available
1 file changed · +18 −1
js/functions.js+18 −1 modified@@ -218,11 +218,28 @@ function suggestPassword(passwd_form) var pwchars = "abcdefhjmnpqrstuvwxyz23456789ABCDEFGHJKLMNPQRSTUVWYXZ"; var passwordlength = 16; // do we want that to be dynamic? no, keep it simple :) var passwd = passwd_form.generated_pw; + var randomWords = new Int32Array(passwordlength); + passwd.value = ''; + // First we're going to try to use a built-in CSPRNG + if (window.crypto && window.crypto.getRandomValues) { + window.crypto.getRandomValues(randomWords); + } + // Because of course IE calls it msCrypto instead of being standard + else if (window.msCrypto && window.msCrypto.getRandomValues) { + window.msCrypto.getRandomValues(randomWords); + } else { + // Fallback to Math.random + for (var i = 0; i < passwordlength; i++) { + randomWords[i] = Math.floor(Math.random() * pwchars.length); + } + } + for (var i = 0; i < passwordlength; i++) { - passwd.value += pwchars.charAt(Math.floor(Math.random() * pwchars.length)); + passwd.value += pwchars.charAt(Math.abs(randomWords[i]) % pwchars.length); } + passwd_form.text_pma_pw.value = passwd.value; passwd_form.text_pma_pw2.value = passwd.value; return true;
8dedcc1a175e Use secure RNG if available
1 file changed · +18 −1
js/functions.js+18 −1 modified@@ -322,11 +322,28 @@ function suggestPassword(passwd_form) var pwchars = "abcdefhjmnpqrstuvwxyz23456789ABCDEFGHJKLMNPQRSTUVWYXZ"; var passwordlength = 16; // do we want that to be dynamic? no, keep it simple :) var passwd = passwd_form.generated_pw; + var randomWords = new Int32Array(passwordlength); + passwd.value = ''; + // First we're going to try to use a built-in CSPRNG + if (window.crypto && window.crypto.getRandomValues) { + window.crypto.getRandomValues(randomWords); + } + // Because of course IE calls it msCrypto instead of being standard + else if (window.msCrypto && window.msCrypto.getRandomValues) { + window.msCrypto.getRandomValues(randomWords); + } else { + // Fallback to Math.random + for (var i = 0; i < passwordlength; i++) { + randomWords[i] = Math.floor(Math.random() * pwchars.length); + } + } + for (var i = 0; i < passwordlength; i++) { - passwd.value += pwchars.charAt(Math.floor(Math.random() * pwchars.length)); + passwd.value += pwchars.charAt(Math.abs(randomWords[i]) % pwchars.length); } + passwd_form.text_pma_pw.value = passwd.value; passwd_form.text_pma_pw2.value = passwd.value; return true;
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (14)
- www.phpmyadmin.net/home_page/security/PMASA-2016-4.phpnvdPatchVendor AdvisoryWEB
- github.com/phpmyadmin/phpmyadmin/commit/8dedcc1a175eb07debd4fe116407c43694c60b22nvdPatchWEB
- github.com/phpmyadmin/phpmyadmin/commit/912856b432d794201884c36e5f390d446339b6e4nvdPatchWEB
- github.com/advisories/GHSA-4gmg-gwjh-3mmrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-1927ghsaADVISORY
- lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.htmlnvdWEB
- lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.htmlnvdWEB
- lists.opensuse.org/opensuse-updates/2016-02/msg00028.htmlnvdWEB
- lists.opensuse.org/opensuse-updates/2016-02/msg00049.htmlnvdWEB
- www.debian.org/security/2016/dsa-3627nvdWEB
- github.com/phpmyadmin/phpmyadmin/commit/2369daa7f5f550797f560e6b46a021e4558c2d72ghsaWEB
- github.com/phpmyadmin/phpmyadmin/commit/5530a72e162fab442218486a90ff3365c96fde98ghsaWEB
- github.com/phpmyadmin/phpmyadmin/commit/6a96e67487f2faecb4de4204fee9b96b94020720ghsaWEB
- github.com/phpmyadmin/phpmyadmin/commit/8b6737735be5787d0b98c6cdfe2c7e3131b1bc95ghsaWEB
News mentions
No linked articles in our index yet.