Webdyne
Monthly
WebDyne::Session versions through 2.075 for Perl generate cryptographically weak session identifiers using MD5 hashing seeded with Perl's predictable rand() function, allowing attackers to forge valid session IDs and gain unauthorized access to systems. The vulnerability affects all versions from 0 through 2.075 and stems from reliance on a 32-bit-seeded random number generator unsuitable for cryptographic purposes, making session hijacking feasible without authentication.
WebDyne::Session versions through 2.075 for Perl generate cryptographically weak session identifiers using MD5 hashing seeded with Perl's predictable rand() function, allowing attackers to forge valid session IDs and gain unauthorized access to systems. The vulnerability affects all versions from 0 through 2.075 and stems from reliance on a 32-bit-seeded random number generator unsuitable for cryptographic purposes, making session hijacking feasible without authentication.