Skip to main content

Apache::Session::Generate::SHA256 CVE-2026-8503

| EUVDEUVD-2026-30536 MEDIUM
Generation of Predictable Numbers or Identifiers (CWE-340)
2026-05-15 CPANSec GHSA-2c59-fqg7-rwrx
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

4
Source Code Evidence Fetched
May 15, 2026 - 16:23 vuln.today
Analysis Generated
May 15, 2026 - 16:23 vuln.today
CVSS changed
May 15, 2026 - 16:22 NVD
6.5 (MEDIUM)
CVE Published
May 15, 2026 - 11:06 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids.

Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand() function, the epoch time, and the PID, that is hashed again. These are predictable, low-entropy sources. Predicable session ids could allow an attacker to gain access to systems.

Note that version 1.3.19 has a fallback without warning to use insecure session generation method if the call to Crypt::URandom::urandom fails. However, this is unlikely as Crypt::URandom is a hardcoded requirement of the module.

This issue is similar to CVE-2025-40931 for Apache::Session::Generate::MD5.

AnalysisAI

Weak session ID generation in Apache::Session::Generate::SHA256 for Perl allows session prediction and hijacking. All versions before 1.3.19 derive session identifiers from low-entropy sources (time, PID, rand, stringified hash ref), enabling remote unauthenticated attackers to predict valid session IDs and gain unauthorized access. EPSS score is low (0.02%, 5th percentile) and no public exploit identified at time of analysis, but CVSS 6.5 with network vector (AV:N/AC:L/PR:N) indicates exploitability against internet-facing systems. Vendor-released patch 1.3.19 replaces predictable hash with Crypt::URandom cryptographically secure source. Similar scope to CVE-2025-40931 for MD5 variant.

Technical ContextAI

Apache::Session::Generate::SHA256 is a session ID generator module for Perl's Apache::Session framework, used by web applications including LemonLDAP::NG (authentication/SSO portal). Prior to 1.3.19, the generate() function computed session IDs as SHA-256(SHA-256(time() + {} + rand() + $$)), where {} stringifies to a memory address, rand() uses Perl's non-cryptographic PRNG, and $$ is the process ID. These entropy sources are constrained: time is public, PIDs cycle predictably (typically 1-32768 on Linux), rand() has ~15 bits effective entropy without explicit seeding, and memory addresses follow ASLR patterns. CWE-340 (generation of predictable numbers or identifiers) applies - cryptographic session tokens require ~128 bits entropy from CSPRNG sources, but this implementation provided <32 bits effective entropy. The patch migrates to Crypt::URandom::urandom(), which wraps /dev/urandom (Linux) or CryptGenRandom (Windows) for kernel-supplied cryptographic randomness. The fallback to insecure generation if Crypt::URandom fails is mitigated by hardcoding the module as a build requirement.

RemediationAI

Upgrade to Apache::Session::Generate::SHA256 version 1.3.19 or later, released as part of Apache-Session-Browseable 1.3.19 distribution. Install via CPAN: 'cpan Apache::Session::Browseable' or 'cpanm Apache::Session::Browseable'. The patch commit (https://github.com/LemonLDAPNG/Apache-Session-Browseable/commit/cc915cbbd266776eec3dd8bf4748b15fa827dbd0) replaces Digest::SHA with Crypt::URandom for cryptographically secure random session ID generation. Version 1.3.19 hardeneds the dependency by requiring Crypt::URandom in Build.PL, minimizing fallback risk. If immediate patching is infeasible, implement compensating controls: (1) Enable additional session validation - bind sessions to client IP (breaks mobile users), user-agent fingerprinting (bypassable but raises attack cost), or HTTP-only secure cookies with SameSite=Strict (limits CSRF vectors but does not prevent prediction); (2) Reduce session lifetime to <15 minutes and force re-authentication for sensitive operations (decreases prediction window but impacts UX); (3) Deploy Web Application Firewall rules to detect rapid sequential session ID attempts (rate-limit /login endpoints, monitor for 401/403 bursts) - note this generates false positives under legitimate load spikes. These mitigations increase attack cost but do not eliminate the core entropy weakness. Patch is the only complete solution.

Vendor StatusVendor

SUSE

Severity: Medium

Share

CVE-2026-8503 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy