3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
3.5 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
0.001 Low
EPSS
Percentile
25.0%
The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under his/her control
Numerous examples and attack implementations can be found in this paper . If you’re looking for a practical tool that can crack your mt_rand implementation’s seed value, see this project and run the following commands in a console with php5 and OpenWall’s tool installed:
root$ php -r 'mt_srand(13333337); echo mt_rand( ), "\n";'
After that, copy the output (1863134308) and execute the following commands:
root$ gcc php_mt_seed.c -o php_mt_seedroot$ ./php_mt_seed 1863134308
After waiting ~1 minute you should have a few possible seeds corresponding to their PHP versions, next to your installed PHP version you should see something akin to:
seed = 0x00cb7359 = 13333337 (PHP 7.1.0+)
Hey, that’s your seed!
An attacker could takeover accounts at random by enumerating and using access tokens.
CPE | Name | Operator | Version |
---|---|---|---|
mautic/core | lt | 4.0.0 | |
mautic/core | lt | 3.3.4 |
github.com/advisories/GHSA-x7g2-wrrp-r6h3
github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27913.yaml
github.com/mautic/mautic/commit/d1cad766a2de74e6c6b89d6d78c2a5f2e36ba91c
github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3
nvd.nist.gov/vuln/detail/CVE-2021-27913
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
3.5 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
0.001 Low
EPSS
Percentile
25.0%