The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under his/her control This issue affects: Mautic Mautic versions prior to 3.3.4; versions prior to 4.0.0.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Mautic
Published: 2021-08-30T15:55:21.646676Z
Updated: 2024-09-16T18:08:08.248Z
Reserved: 2021-03-02T00:00:00
Link: CVE-2021-27913
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-08-30T16:15:07.457
Modified: 2024-11-21T05:58:47.220
Link: CVE-2021-27913
Redhat
No data.