Davinder Tutorials

This blog is all about Cyber Security and IT

Thursday, July 25, 2024

Use of a Broken or Risky Cryptographic Algorithm

  July 25, 2024    

 

Revive-ad server utilizes a PRNG for session-token generation, this means that an attacker could theoretically be able to generate session tokens at random and take over accounts at random.
 
This function does not generate crypto-graphically secure values, and should not be used for cryptographic purposes.
 
References: https://www.php.net/manual/en/function.uniqid.php
CVE-2021-22948
 Refer report: https://hackerone.com/reports/1306942

Impact

This vulnerability is capable of allowing mass account takeover by having attackers generate other users' session tokens.

  No Comments

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)