Mautic is open source marketing automation software. It monitors and manages websites, sends emails, and manages customer resources. Mautic versions prior to 3.3.4 and versions prior to 4.0.0 contain a security weakness that stems from the use of the mt_rand function to generate session tokens. Because mt_rand is a pseudo-random function, it is not suitable for cryptographic use, and an attacker could exploit this insecure randomness to enumerate session tokens for accounts that are not under the attacker's control.
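The contrast between a token drawn from mt_rand and one drawn from the operating system's CSPRNG, as an added example that is not Mautic's code. The function names `weakToken` and `strongToken`, the alphabet, the token lengths, and the seed value are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from Mautic): builds a token from mt_rand().
// mt_rand() is a Mersenne Twister; its whole output stream is determined
// by the seed, so the token is only as unpredictable as that seed.
function weakToken(int $length = 32): string
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789';
    $max = strlen($alphabet) - 1;
    $token = '';
    for ($i = 0; $i < $length; $i++) {
        $token .= $alphabet[mt_rand(0, $max)];
    }
    return $token;
}

// Hardened form: random_bytes() reads from the OS CSPRNG and has no
// user-visible seed or state that can be reset from PHP code.
function strongToken(int $bytes = 32): string
{
    return bin2hex(random_bytes($bytes));
}

// Determinism check with a constructed seed value: reseeding the
// generator with the same value reproduces the same "random" token.
mt_srand(12345);
$first = weakToken();
mt_srand(12345);
$second = weakToken();

echo 'mt_rand token repeats after reseed: ',
    ($first === $second ? 'yes' : 'no'), PHP_EOL;

// Two CSPRNG tokens are independent draws; there is no seed to replay.
$t1 = strongToken();
$t2 = strongToken();
echo 'random_bytes tokens differ: ',
    (hash_equals($t1, $t2) ? 'no' : 'yes'), PHP_EOL;
echo 'random_bytes token length (hex chars): ', strlen($t1), PHP_EOL;
```

When auditing a PHP code base for this class of weakness, search for `mt_rand`, `rand`, `uniqid` and `lcg_value` in code paths that produce session identifiers, reset tokens or API keys, and replace them with `random_bytes` or `random_int`.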