HMAC Session Secret Exposure in Mojolicious Web Framework by Perl
CVE-2024-58134
8.1HIGH
What is CVE-2024-58134?
The Mojolicious web framework for Perl features a significant vulnerability where it employs a hardcoded string or the application's class name as the default HMAC session secret. This predictability can be manipulated by attackers who can guess or know the secret, enabling them to create valid HMAC signatures for session cookies. As a result, unauthorized users could potentially hijack or tamper with legitimate user sessions, compromising the integrity and confidentiality of user data.
Affected Version(s)
Mojolicious 0.999922
