Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
4DescriptionCVE.org
Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids.
Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand() function, the epoch time, and the PID, that is hashed again. These are predictable, low-entropy sources. Predicable session ids could allow an attacker to gain access to systems.
Note that version 1.3.19 has a fallback without warning to use insecure session generation method if the call to Crypt::URandom::urandom fails. However, this is unlikely as Crypt::URandom is a hardcoded requirement of the module.
This issue is similar to CVE-2025-40931 for Apache::Session::Generate::MD5.
AnalysisAI
Weak session ID generation in Apache::Session::Generate::SHA256 for Perl allows session prediction and hijacking. All versions before 1.3.19 derive session identifiers from low-entropy sources (time, PID, rand, stringified hash ref), enabling remote unauthenticated attackers to predict valid session IDs and gain unauthorized access. EPSS score is low (0.02%, 5th percentile) and no public exploit identified at time of analysis, but CVSS 6.5 with network vector (AV:N/AC:L/PR:N) indicates exploitability against internet-facing systems. Vendor-released patch 1.3.19 replaces predictable hash with Crypt::URandom cryptographically secure source. Similar scope to CVE-2025-40931 for MD5 variant.
Technical ContextAI
Apache::Session::Generate::SHA256 is a session ID generator module for Perl's Apache::Session framework, used by web applications including LemonLDAP::NG (authentication/SSO portal). Prior to 1.3.19, the generate() function computed session IDs as SHA-256(SHA-256(time() + {} + rand() + $$)), where {} stringifies to a memory address, rand() uses Perl's non-cryptographic PRNG, and $$ is the process ID. These entropy sources are constrained: time is public, PIDs cycle predictably (typically 1-32768 on Linux), rand() has ~15 bits effective entropy without explicit seeding, and memory addresses follow ASLR patterns. CWE-340 (generation of predictable numbers or identifiers) applies - cryptographic session tokens require ~128 bits entropy from CSPRNG sources, but this implementation provided <32 bits effective entropy. The patch migrates to Crypt::URandom::urandom(), which wraps /dev/urandom (Linux) or CryptGenRandom (Windows) for kernel-supplied cryptographic randomness. The fallback to insecure generation if Crypt::URandom fails is mitigated by hardcoding the module as a build requirement.
RemediationAI
Upgrade to Apache::Session::Generate::SHA256 version 1.3.19 or later, released as part of Apache-Session-Browseable 1.3.19 distribution. Install via CPAN: 'cpan Apache::Session::Browseable' or 'cpanm Apache::Session::Browseable'. The patch commit (https://github.com/LemonLDAPNG/Apache-Session-Browseable/commit/cc915cbbd266776eec3dd8bf4748b15fa827dbd0) replaces Digest::SHA with Crypt::URandom for cryptographically secure random session ID generation. Version 1.3.19 hardeneds the dependency by requiring Crypt::URandom in Build.PL, minimizing fallback risk. If immediate patching is infeasible, implement compensating controls: (1) Enable additional session validation - bind sessions to client IP (breaks mobile users), user-agent fingerprinting (bypassable but raises attack cost), or HTTP-only secure cookies with SameSite=Strict (limits CSRF vectors but does not prevent prediction); (2) Reduce session lifetime to <15 minutes and force re-authentication for sensitive operations (decreases prediction window but impacts UX); (3) Deploy Web Application Firewall rules to detect rapid sequential session ID attempts (rate-limit /login endpoints, monitor for 401/403 bursts) - note this generates false positives under legitimate load spikes. These mitigations increase attack cost but do not eliminate the core entropy weakness. Patch is the only complete solution.
Same technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: MediumShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30536
GHSA-2c59-fqg7-rwrx