CVE-2024-58135

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-338
View all →

Vulnerability Description

Mojolicious versions from 7.28 through 9.40 for Perl may generate weak HMAC session secrets. When creating a default app with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys.

Related Vulnerabilities

CVE-2012-6124

MEDIUM
CVSS:5.3(Medium)

A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. NOTE: the vendor states "This function wasn't used for security purposes (and ...

CWE-3382012

CVE-2019-7855

MEDIUM
CVSS:5.3(Medium)

A cryptograhic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generat...

CWE-3382019

CVE-2019-8113

MEDIUM
CVSS:5.3(Medium)

Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration.

CWE-3382019

CVE-2021-23126

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret.

CWE-3382021

CVE-2021-29245

MEDIUM
CVSS:5.3(Medium)

BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key.

CWE-3382021

CVE-2023-50059

MEDIUM
CVSS:5.3(Medium)

An issue ingalxe.com Galxe platform 1.0 allows a remote attacker to obtain sensitive information via the Web3 authentication process of Galxe, the signed message lacks a nonce (random number)

CWE-3382023