From f459a35cf4fe475d505e2eebbc10428adbab959e Mon Sep 17 00:00:00 2001
From: Lynn Stephenson <63118982+lynn-stephenson@users.noreply.github.com>
Date: Sat, 4 Apr 2020 08:06:49 +0000
Subject: [PATCH] Update lostpass.php use CSPRNG for password reset token generation
---
 mod/lostpass.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mod/lostpass.php b/mod/lostpass.php
index 2ce396e366..8a1a9f36e5 100644
--- a/mod/lostpass.php
+++ b/mod/lostpass.php
@@ -41,7 +41,7 @@ function lostpass_post(App $a)
 DI::baseUrl()->redirect();
 }
- $pwdreset_token = Strings::getRandomName(12) . random_int(1000, 9999);
+ $pwdreset_token = Strings::getRandomHex(32);
 $fields = [
 'pwdreset' => $pwdreset_token,
--
2.39.5
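Review bot: The new token is written to the `pwdreset` field unchanged in the `$fields` array right after the changed line, so anyone who can read that column (a database backup, a read-only leak) could presumably use a pending reset directly. Consider storing only a digest, `'pwdreset' => hash('sha256', $pwdreset_token),`, and having the verification path hash the submitted value before the lookup; that path and the rest of `$fields` are outside this hunk, so this is inferred from the two visible lines. Separately, the call site does not show that `Strings::getRandomHex()` is CSPRNG-backed or what unit `32` is in, so after confirming both against the helper, a short comment such as `// 32 hex characters from a CSPRNG-backed helper; do not replace with getRandomName()` would keep the guarantee visible here. `lostpass_post` starts and ends outside the hunk.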