Skip to main content

Webdyne

1 CVEs product

Monthly

CVE-2026-5084 MEDIUM This Month

WebDyne::Session versions through 2.075 for Perl generate cryptographically weak session identifiers using MD5 hashing seeded with Perl's predictable rand() function, allowing attackers to forge valid session IDs and gain unauthorized access to systems. The vulnerability affects all versions from 0 through 2.075 and stems from reliance on a 32-bit-seeded random number generator unsuitable for cryptographic purposes, making session hijacking feasible without authentication.

Information Disclosure Webdyne
NVD
CVSS 3.1
6.5
EPSS
0.0%
EPSS 0% CVSS 6.5
MEDIUM This Month

WebDyne::Session versions through 2.075 for Perl generate cryptographically weak session identifiers using MD5 hashing seeded with Perl's predictable rand() function, allowing attackers to forge valid session IDs and gain unauthorized access to systems. The vulnerability affects all versions from 0 through 2.075 and stems from reliance on a 32-bit-seeded random number generator unsuitable for cryptographic purposes, making session hijacking feasible without authentication.

Information Disclosure Webdyne
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy