WebDyne Session Predictable Session ID Vulnerability in Versions Through 2.075
Vulnerability
A vulnerability exists in WebDyne::Session for Perl, in versions through 2.075, because the session ID is generated insecurely. The session handler creates the session ID from an MD5 hash seeded with a predictable value from the built-in rand() function. The seeding is based on the process ID, epoch time, and the reference address of the object, but these inputs do not make the value random enough for cryptographic use. Predictable session IDs could allow an attacker to gain unauthorized access to systems.
Impact
The vulnerability could lead to session hijacking, allowing an attacker to impersonate a user by predicting and using their session ID.
Reproduction
The vulnerability can be reproduced by using WebDyne::Session versions through 2.075. When a new session ID is generated, it is created from a predictable random seed, making it easy to guess. This can be demonstrated by initiating a session and observing the generated session ID, which can be predicted based on the known seed values.
Remediation
Users can upgrade to WebDyne::Session version 2.075 or later, where this vulnerability is addressed. When generating session IDs, it is recommended to use a secure random number generator, such as those provided by the Crypt::URandom or Crypt::OpenSSL modules.
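The remediation advice above, as an added example that is not WebDyne's own code: the first function sketches the weak pattern the advisory describes, and the second draws the ID from Crypt::URandom instead. The function names, the Example::Session stand-in object and the 16-byte length are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5    qw(md5_hex);
use Scalar::Util   qw(refaddr);
use Crypt::URandom qw(urandom);    # CPAN module named in the remediation

# Weak: sketch of the pattern the advisory describes (not WebDyne source).
# rand() is Perl's non-cryptographic PRNG; its argument only sets the upper
# bound of the returned number and adds no entropy. The MD5 of that value is
# only as unpredictable as rand() itself.
sub weak_session_id {
    my ($obj) = @_;
    return md5_hex( rand( $$ . time() . refaddr($obj) ) );
}

# Hardened: 16 bytes (128 bits, an assumed length) from the OS CSPRNG,
# hex-encoded to the same 32-character shape as an MD5 hex digest.
sub strong_session_id {
    return unpack( 'H*', urandom(16) );
}

# Accept only well-formed IDs before any session-store lookup.
sub is_well_formed_id {
    my ($id) = @_;
    return ( defined($id) && $id =~ /\A[0-9a-f]{32}\z/ ) ? 1 : 0;
}

my $handler = bless {}, 'Example::Session';    # hypothetical stand-in object
printf "weak:   %s\n", weak_session_id($handler);
my $sid = strong_session_id();
printf "strong: %s (well-formed: %d)\n", $sid, is_well_formed_id($sid);
```

Both functions return 32 hex characters, so the two kinds of ID look alike on the wire; the difference is only in where the bits come from.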
