Integer Overflow or Wraparound
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-190: Integer Overflow or Wraparound |
| Confidence Level | High |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Using PHP's base_convert() with large numbers (such as random tokens or hashes) can silently lose precision, because the function converts through a floating-point value internally and cannot represent integers beyond about 2^53 (roughly 16 decimal digits) exactly; the result is an incorrect or truncated value with no error raised. This makes it unsuitable for securely handling session tokens, CSRF tokens, or cryptographic outputs.
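The following is an added example, not code from the rule page: it round-trips a constructed 128-bit hex token through base_convert() to expose the silent precision loss, then shows two safe alternatives, keeping tokens as hex strings from random_bytes() and converting with GMP, which this example assumes is installed.

```php
<?php
declare(strict_types=1);

// Constructed sample token: 32 hex digits (128 bits), far beyond what a
// PHP float can represent exactly, so base_convert() silently rounds it.
const SAMPLE_TOKEN = 'ffffffffffffffffffffffffffffffff';

// True only if hex -> decimal -> hex through base_convert() reproduces the
// original token. Tokens larger than float precision do not survive the trip.
function baseConvertRoundTrips(string $hexToken): bool
{
    $decimal = base_convert($hexToken, 16, 10);
    return base_convert($decimal, 10, 16) === $hexToken;
}

// The same round trip using GMP arbitrary-precision integers, which is exact
// for any token length. Assumes the gmp extension is available.
function gmpRoundTrips(string $hexToken): bool
{
    $decimal = gmp_strval(gmp_init($hexToken, 16), 10);
    return gmp_strval(gmp_init($decimal, 10), 16) === $hexToken;
}

// Safe token generation: keep the CSPRNG bytes as a hex string and never
// route them through base_convert().
function newSessionToken(): string
{
    return bin2hex(random_bytes(16)); // 32 hex chars, 128 bits of entropy
}

// Compare the two conversions side by side on the same token.
var_dump(baseConvertRoundTrips(SAMPLE_TOKEN));
var_dump(gmpRoundTrips(SAMPLE_TOKEN));
var_dump(strlen(newSessionToken()));
```

A token that fails baseConvertRoundTrips() has already been altered by the time it is stored or compared, which is exactly the condition this rule flags.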
Impact
If an attacker can predict or manipulate truncated tokens, they may be able to bypass authentication, hijack sessions, or defeat CSRF protections. This weakens the overall security of the application by making supposedly random or unique tokens easier to guess or reproduce.