HTTP::Session2 Weak Session ID Generation Vulnerability

Vulnerability

A vulnerability exists in the Perl module HTTP::Session2 in versions prior to 1.12, where the session ID generator creates weak session IDs using the rand() function. rand() is not suitable for cryptographic purposes because its output can be predicted. The session ID is a SHA-1 hash computed over the rand() output, the current epoch time, and the process ID (PID). The PID is limited to a small range of values, and the epoch time can be estimated, or read directly if the server discloses it in the HTTP Date header. Although HTTP::Session2 versions 1.02 and later attempt to use /dev/urandom for session ID generation, they fall back to the insecure rand() method when /dev/urandom is unavailable, such as on Windows.

Impact

The vulnerability leads to the generation of predictable and weak session IDs, which can be exploited to hijack user sessions.

Reproduction

In HTTP::Session2 versions prior to 1.12, the session ID is generated by the _generate_session_id method in the Random.pm file. This method uses the rand() function, seeded with the current time, process ID, and a reference to an empty hash, to create a SHA-1 hash. The resulting hash is then encoded in a URL-safe format and truncated to 31 characters. This process can be repeated to demonstrate the predictability of the session IDs, as they can be guessed or derived based on the known seed values.

Remediation

Users are advised to upgrade to HTTP::Session2 version 1.12 or later, which uses Crypt::SysRandom to generate session IDs securely. Instructions for upgrading can be found on the module's MetaCPAN page.
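The following is an added illustration, not code from HTTP::Session2 itself: it reconstructs the low-entropy pattern described under Reproduction next to a generator built on Crypt::SysRandom, the module the remediation names. The exact ordering of the seed values, the subroutine names and the use of Crypt::SysRandom's random_bytes() are assumptions made for this example.

```perl
#!/usr/bin/env perl
# Added example, not HTTP::Session2's own code. Shows the weak
# construction the advisory describes beside a CSPRNG-backed one.
use strict;
use warnings;
use Digest::SHA  qw(sha1_hex);
use MIME::Base64 qw(encode_base64url);

# Weak pattern (assumed layout): every input to SHA-1 is guessable or
# drawn from a small range. rand() comes from a non-cryptographic PRNG,
# time() is the epoch second, $$ is the PID and {} stringifies to a
# heap address. Hashing does not add entropy; it only hides the inputs.
sub weak_session_id {
    my $seed = join '', rand(), time(), $$, {};
    return substr(sha1_hex($seed), 0, 31);   # hex is already URL-safe
}

# Hardened pattern: take the secret bytes straight from the OS CSPRNG.
# Crypt::SysRandom (assumed API: random_bytes($count)) reaches the system
# RNG through a platform API rather than a device path, so the silent
# /dev/urandom-to-rand() fallback the advisory describes does not occur.
sub strong_session_id {
    require Crypt::SysRandom;
    my $bytes = Crypt::SysRandom::random_bytes(24);  # 192 bits of entropy
    return encode_base64url($bytes);                 # 32 URL-safe chars
}

# Defender's sanity check: a generator whose only unpredictable input is
# a guessable tuple produces identical IDs when that tuple is repeated.
sub is_deterministic_for_seed {
    my ($seed) = @_;
    return substr(sha1_hex($seed), 0, 31) eq substr(sha1_hex($seed), 0, 31);
}

print "weak:   ", weak_session_id(),   "\n";
print "strong: ", strong_session_id(), "\n";
print "same seed gives same ID: ",
      (is_deterministic_for_seed('0.5 1700000000 1234') ? 'yes' : 'no'), "\n";
```

When reviewing session code, the fix to look for is that the unpredictable material comes from a CSPRNG with no code path that degrades to rand(); hashing or encoding steps after that point do not matter for entropy.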

Added: Feb 27, 2026, 8:24 PM
Updated: Feb 28, 2026, 1:25 AM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          1.3
exploitability  7.2
remediation     0.0
relevance       3.3
threat          4.8
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.