The Debian Linux security team recently pushed out an wry security advisory for popular web content management system (CMS) Drupal. Multiple vulnerabilities have been discovered in Drupal, a fully-featured content management framework. The new code uses a function that at least tries to use a cryptographic-quality random generator, drupal_random_bytes() calling OpenSSL or reading from Unixs /dev/urandom. The old code used a PHP function called mt_rand() for generating random passwords.”]