The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under his/her control This issue affects: Mautic Mautic versions prior to 3.3.4; versions prior to 4.0.0.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Mautic

Published: 2021-08-30T15:55:21.646676Z

Updated: 2024-09-16T18:08:08.248Z

Reserved: 2021-03-02T00:00:00

Link: CVE-2021-27913

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-08-30T16:15:07.457

Modified: 2024-11-21T05:58:47.220

Link: CVE-2021-27913

cve-icon Redhat

No data.