5.3
CVE-2026-5083
- EPSS 0.43%
- Veröffentlicht 08.04.2026 05:53:16
- Zuletzt bearbeitet 23.04.2026 15:04:27
- Quelle 9b29abf9-4ab0-4765-b253-1875cd
- CVE-Watchlists
- Unerledigt
LoginAdo::Sessions versions through 0.935 for Perl generates insecure session ids
Ado::Sessions versions through 0.935 for Perl generates insecure session ids. The session id is generated from a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems. Note that Ado is no longer maintained, and has been removed from the CPAN index. It is still available on BackPAN.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Berov ≫ Ado::sessions SwPlatformperl Version <= 0.935
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.43% | 0.34 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.
CWE-340 Generation of Predictable Numbers or Identifiers
The product uses a scheme that generates numbers or identifiers that are more predictable than required.
https://security.metacpan.org/docs/guides/random-data-for-security.html
https://github.com/kberov/Ado/issues/112
https://backpan.perl.org/authors/id/B/BE/BEROV/Ado-0.935.tar.gz
http://www.openwall.com/lists/oss-security/2026/04/08/7