Solstice Session Insecure Session ID Generation Vulnerability
Vulnerability
A vulnerability exists in Solstice::Session versions through 1440 for Perl, where session IDs are generated insecurely. The _generateSessionID method creates an MD5 digest that is predictable, as it is based on the epoch time, a random hash reference, the built-in rand() function, and the process ID. This method is also used in Solstice::Subsession, which is part of the same distribution. The predictability of the session IDs could allow an attacker to gain unauthorized access to systems.
Impact
Predictable session IDs could allow attackers to hijack user sessions and gain unauthorized access to systems.
Reproduction
The vulnerability can be reproduced by creating a new session with the default cookie name. The generated session ID can be retrieved from the cookie, which will contain a predictable value based on the epoch time, a stringified hash reference, the process ID, and the output of the rand() function.
Remediation
To address this vulnerability, update to a version of Solstice::Session that generates session IDs using a secure random number generator. Avoid using the built-in rand() function for security-related purposes.
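The sketch below is an added example, not code from Solstice or from this advisory. It sets the weak pattern described above beside a session ID drawn from the operating system's CSPRNG. The function names weak_session_id, secure_session_id and is_well_formed_id are hypothetical, and the code assumes a Unix-like system that provides /dev/urandom.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Weak pattern, sketched from the advisory's description (not Solstice's source):
# epoch time, a stringified hash reference, rand() and the PID are all
# guessable or low-entropy, and MD5 adds no entropy to them.
sub weak_session_id {
    my $ref = {};
    return md5_hex(time() . "$ref" . rand() . $$);
}

# Hardened form: 32 bytes (256 bits) from the kernel CSPRNG, hex-encoded.
# Assumption: /dev/urandom exists on this host.
sub secure_session_id {
    my $want = 32;
    open(my $fh, '<:raw', '/dev/urandom')
        or die "cannot open /dev/urandom: $!";
    my $buf = '';
    while (length($buf) < $want) {
        # Append at the current end of $buf so a short read is not lost.
        my $got = read($fh, $buf, $want - length($buf), length($buf));
        die "read from /dev/urandom failed: $!" unless defined $got;
        die "unexpected EOF on /dev/urandom" if $got == 0;
    }
    close($fh);
    return unpack('H*', $buf);
}

# Reject anything in the cookie that is not exactly 64 lowercase hex characters
# before using it as a session lookup key.
sub is_well_formed_id {
    my ($id) = @_;
    return (defined $id && $id =~ /\A[0-9a-f]{64}\z/) ? 1 : 0;
}

my $id = secure_session_id();
die "generated id is malformed" unless is_well_formed_id($id);
print "secure id:  $id\n";
print "weak id:    ", weak_session_id(), "\n";
```

The secure generator fails closed: if the random source cannot be opened or read, it dies rather than falling back to rand().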
