QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-40933

Back to search

CVE-2025-40933

Published: Sep 17, 2025

Modified: Sep 17, 2025

PUBLISHED

Description

Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely. Session ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.

VendorProductVersions

KGOLDOV

Apache::AuthAny

affected
0.19 - <= 0.201

Weaknesses (CWE)

CWE-340
CWE-338

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now