Description
The function mt_rand is used to generate session tokens. Because mt_rand is a pseudorandom number generator that is not cryptographically secure, an attacker can take advantage of its predictable output to enumerate session tokens for accounts that are not under their control. This issue affects Mautic versions prior to 3.3.4 and versions prior to 4.0.0.
References
- Exploit, Patch, Third Party Advisory
- Exploit, Patch, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 3.3.4 (excluding)
One of:
cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:4.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:4.0.0:beta:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:4.0.0:rc:*:*:*:*:*:*
EPSS
Percentile: 25%
Score: 0.00089
Low
CVSS3: 3.5 Low
CVSS3: 3.5 Low
CVSS2: 3.5 Low
Weaknesses
CWE-327
CWE-338
Related vulnerabilities
CVSS3: 3.5
github
more than 4 years ago
Use of a Broken or Risky Cryptographic Algorithm