Solstice
Monthly
Weak session ID generation in Solstice::Session for Perl (all versions through 1440) enables session prediction and hijacking attacks by unauthenticated remote attackers. The vulnerability stems from cryptographically weak entropy sources (MD5 with predictable epoch time, stringified hash references, 16-bit rand() seeding, and limited process IDs), allowing attackers to forge valid session tokens and impersonate legitimate users. EPSS score of 0.02% (4th percentile) indicates low observed exploi
Weak session ID generation in Solstice::Session for Perl (all versions through 1440) enables session prediction and hijacking attacks by unauthenticated remote attackers. The vulnerability stems from cryptographically weak entropy sources (MD5 with predictable epoch time, stringified hash references, 16-bit rand() seeding, and limited process IDs), allowing attackers to forge valid session tokens and impersonate legitimate users. EPSS score of 0.02% (4th percentile) indicates low observed exploi