The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under his/her control This issue affects: Mautic Mautic versions prior to 3.3.4; versions prior to 4.0.0.
References
Link | Resource |
---|---|
https://github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3 | Exploit Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Mautic
Published: 2021-08-30T00:00:00
Updated: 2021-08-30T15:55:21
Reserved: 2021-03-02T00:00:00
Link: CVE-2021-27913
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-08-30T16:15:07.457
Modified: 2021-09-03T16:43:47.267
Link: CVE-2021-27913
JSON object: View
Redhat Information
No data.