diff --git a/SeedDMS_Core/Core/inc.ClassDMS.php b/SeedDMS_Core/Core/inc.ClassDMS.php
index bfda37984..e234625fe 100644
--- a/SeedDMS_Core/Core/inc.ClassDMS.php
+++ b/SeedDMS_Core/Core/inc.ClassDMS.php
@@ -2541,7 +2541,15 @@ class SeedDMS_Core_DMS {
* @return string|boolean hash value of false in case of an error
*/
function createPasswordRequest($user) { /* {{{ */
- $hash = md5(uniqid(time()));
+ $lenght = 32;
+ if (function_exists("random_bytes")) {
+ $bytes = random_bytes(ceil($lenght / 2));
+ } elseif (function_exists("openssl_random_pseudo_bytes")) {
+ $bytes = openssl_random_pseudo_bytes(ceil($lenght / 2));
+ } else {
+ return false;
+ }
+ $hash = bin2hex($bytes);
$queryStr = "INSERT INTO `tblUserPasswordRequest` (`userID`, `hash`, `date`) VALUES (" . $user->getId() . ", " . $this->db->qstr($hash) .", ".$this->db->getCurrentDatetime().")";
$resArr = $this->db->getResult($queryStr);
if (is_bool($resArr) && !$resArr) return false;
diff --git a/SeedDMS_Core/package.xml b/SeedDMS_Core/package.xml
index 28e97ae34..e384b9ad2 100644
--- a/SeedDMS_Core/package.xml
+++ b/SeedDMS_Core/package.xml
@@ -26,6 +26,7 @@
- fix SeedDMS_Core_User::getDocumentContents()
- fix SeedDMS_Core_File::fileExtension()
+- SeedDMS_Core_DMS::createPasswordRequest() creates a cryptographically secure hash