China National Vulnerability Database
CNVD-2021-70085
Sep 01, 2021 - 12:00 a.m.

Mautic Security Feature Issue Vulnerability

www.cnvd.org.cn
7
mautic
security feature issue
session tokens

EPSS: 0.001
Percentile: 24.8%

Mautic is open source marketing automation software that monitors and manages websites, sends emails and manages customer resources. Mautic versions prior to 3.3.4 and versions prior to 4.0.0 are affected by a security feature issue: the software uses the mt_rand function to generate session tokens, but mt_rand is a pseudo-random generator and is not suitable for cryptographic purposes. An attacker could exploit this weakness to enumerate session tokens for accounts that are not under their control.
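
The weak pattern described above next to a hardened form, as an added example that is not Mautic's code and not part of the original advisory. The function names `weakToken`, `strongToken` and `tokenMatches`, the alphabet and the seed value are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Weak pattern (hypothetical, not Mautic's code): token built from mt_rand().
// mt_rand() is a Mersenne Twister seeded from a 32-bit value, so every
// character of the token is a deterministic function of that seed.
function weakToken(int $length = 32): string
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789';
    $max = strlen($alphabet) - 1;
    $token = '';
    for ($i = 0; $i < $length; $i++) {
        $token .= $alphabet[mt_rand(0, $max)];
    }
    return $token;
}

// Hardened form: random_bytes() reads from the operating system CSPRNG,
// giving 256 bits of unpredictable material per token with the default size.
function strongToken(int $bytes = 32): string
{
    return bin2hex(random_bytes($bytes));
}

// Compare a presented token with the stored one in constant time.
function tokenMatches(string $expected, string $presented): bool
{
    return hash_equals($expected, $presented);
}

// Determinism check with a constructed seed: reseeding with the same value
// makes weakToken() return the same string again.
mt_srand(12345);
$first = weakToken();
mt_srand(12345);
$second = weakToken();
echo 'weak tokens repeat under the same seed: ';
var_dump($first === $second);

// Two CSPRNG tokens do not depend on any reproducible state.
$a = strongToken();
$b = strongToken();
echo 'strong tokens repeat: ';
var_dump($a === $b);
echo 'constant-time match on the issued token: ';
var_dump(tokenMatches($a, $a));
```

When reviewing a PHP code base for this class of issue, search for `mt_rand`, `rand`, `uniqid` and `lcg_value` in code paths that produce session identifiers, reset tokens or API keys, and replace them with `random_bytes` or `random_int`.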
