diff --git a/common/contrib/genpass/SA-CONTRIB-2018-042.patch b/common/contrib/genpass/SA-CONTRIB-2018-042.patch
new file mode 100644
index 0000000000000000000000000000000000000000..38553e371884412035a204c9c052be1f56ab82a6
--- /dev/null
+++ b/common/contrib/genpass/SA-CONTRIB-2018-042.patch
@@ -0,0 +1,52 @@
+diff --git a/genpass.module b/genpass.module
+index b35b1d9..5d31623 100644
+--- a/genpass.module
++++ b/genpass.module
+@@ -26,17 +26,16 @@ function genpass_generate() {
+ }
+ 
+ /**
+- * Generate a new password using genpass's internal password generation
+- * algorithm.
+- * Based on the original D6 user_password function (with more characters)
++ * Generates random password.
+  *
+- * @return a fresh password according to the settings made in /admin/user/settings
++ * @see user_password()
+  *
+- * @see genpass_form_alter()
++ * @return string
++ *   The random string.
+  */
+ function genpass_password() {
+   $pass = '';
+-  $length = variable_get('genpass_length', 8);
++  $length = variable_get('genpass_length', 12);
+   $allowable_characters = variable_get('genpass_entropy', _genpass_default_entropy());
+ 
+   // Zero-based count of characters in the allowable list:
+@@ -44,9 +43,14 @@ function genpass_password() {
+ 
+   // Loop the number of times specified by $length.
+   for ($i = 0; $i < $length; $i++) {
++    do {
++      // Find a secure random number within the range needed.
++      $index = ord(drupal_random_bytes(1));
++    } while ($index > $len);
++
+     // Each iteration, pick a random character from the
+     // allowable string and append it to the password:
+-    $pass .= $allowable_characters[mt_rand(0, $len)];
++    $pass .= $allowable_characters[$index];
+   }
+ 
+   return $pass;
+@@ -90,7 +94,7 @@ function genpass_form_alter(&$form, $form_state, $form_id) {
+       $form['registration']['genpass_length'] = array(
+         '#type' => 'textfield',
+         '#title' => t('Generated password length'),
+-        '#default_value' => variable_get('genpass_length', 8),
++        '#default_value' => variable_get('genpass_length', 12),
+         '#size' => 2,
+         '#maxlength' => 2,
+         '#description' => t('Set the length of generated passwords here. Allowed range: 5 to 32.'),