{"vulnerability": "CVE-2024-58134", "sightings": [{"uuid": "2ef3f26d-2cd1-4cfe-8153-75af971899bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58134", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lobwjlvi2r2o", "content": "", "creation_timestamp": "2025-05-03T18:06:13.247688Z"}, {"uuid": "a60084b2-53e3-40da-8960-6424451aadef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58134", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lobutqr755t2", "content": "", "creation_timestamp": "2025-05-03T19:37:35.880861Z"}, {"uuid": "10c10597-0bce-4e40-a49c-a72a4f61ba5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58134", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14696", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58134\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default.\n\nThese predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user\u2019s session.\n\ud83d\udccf Published: 2025-05-03T16:08:55.042Z\n\ud83d\udccf Modified: 2025-05-03T16:08:55.042Z\n\ud83d\udd17 References:\n1. https://github.com/mojolicious/mojo/pull/1791\n2. https://github.com/mojolicious/mojo/pull/2200\n3. https://www.synacktiv.com/publications/baking-mojolicious-cookies\n4. https://medium.com/securing/baking-mojolicious-cookies-revisited-a-case-study-of-solving-security-problems-through-security-by-13da7c225802\n5. https://metacpan.org/release/SRI/Mojolicious-9.39/source/lib/Mojolicious.pm#L51\n6. https://github.com/hashcat/hashcat/pull/4090", "creation_timestamp": "2025-05-03T16:19:07.000000Z"}, {"uuid": "9987c6f3-0c46-4e47-9170-63738bbbb4dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58134", "type": "seen", "source": "https://t.me/cvedetector/24405", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-58134 - Mojolicious Default HMAC Session Secret Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-58134 \nPublished : May 3, 2025, 4:15 p.m. | 1\u00a0hour, 47\u00a0minutes ago \nDescription : Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default.  \n  \nThese predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user\u2019s session. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-03T20:23:19.000000Z"}]}