High severity · 7.5 · NVD Advisory · Published Mar 1, 2017 · Updated Jun 17, 2026
CVE-2016-6485
Description
The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| magento/community-edition (Packagist) | >= 2.0, < 2.2.6 | 2.2.6 |
| magento/project-community-edition (Packagist) | >= 2.0, <= 2.0.2 | — |
Affected products
- ghsa-coords (2 versions)
- (no CPE) range: >= 2.0, < 2.2.6
- (no CPE) range: >= 2.0, <= 2.0.2
References
- www.openwall.com/lists/oss-security/2016/07/19/3 (nvd: Mailing List, Third Party Advisory, WEB)
- www.openwall.com/lists/oss-security/2016/07/27/14 (nvd: Mailing List, Third Party Advisory, WEB)
- github.com/advisories/GHSA-h7qw-mxrm-c6h2 (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2016-6485 (ghsa: ADVISORY)
- github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2016-6485.yaml (ghsa: WEB)
- github.com/magento/magento2/pull/15017 (nvd: WEB)