3 matches found
CVE-2025-40933
Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely. Session ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is...
MetaCPAN Apache::AuthAny::Cookie 安全漏洞
MetaCPAN Apache::AuthAny::Cookie is a Perl authentication module from the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN Apache::AuthAny::Cookie version 0.201 and earlier, which stems from the use of MD5 hash and rand functions to generate insecure session IDs, which could lead ...
PT-2025-38160
Name of the Vulnerable Software and Affected Versions: Apache::AuthAny::Cookie versions 0.201 and earlier Description: The software generates session IDs insecurely using an MD5 hash of the epoch time and the rand function. The epoch time may be guessable if not concealed by the HTTP Date header,...