CVE-2024-58135 – Mojolicious Weak HMAC Session Secret Vulnerability

May 3, 2025

CVE ID : CVE-2024-58135

Published : May 3, 2025, 11:15 a.m. | 52 minutes ago

Description : Mojolicious versions from 7.28 through 9.39 for Perl may generate weak HMAC session secrets.

When creating a default app with the “mojo generate app” tool, a weak secret is written to the application’s configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application’s sessions. This may allow an attacker to brute force the application’s session keys.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4226 – PHPGurukul Cyber Cafe Management System SQL Injection Vulnerability

Next Article LLMs Can Now Reason in Parallel: UC Berkeley and UCSF Researchers Introduce Adaptive Parallel Reasoning to Scale Inference Efficiently Without Exceeding Context Windows

Representative Line: Brace Yourself

Beyond the Pilot: A Playbook for Enterprise-Scale Agentic AI

GitHub launches MCP Registry to provide central location for trusted servers

MongoDB brings Search and Vector Search to self-managed versions of database

Distribution Release: Security Onion 2.4.180

Distribution Release: Omarchy 3.0.1

Distribution Release: Mauna Linux 25

Distribution Release: SparkyLinux 2025.09

AI Momentum and Perficient’s Inclusion in Analyst Reports – Highlights From 2025 So Far

AI Momentum and Perficient’s Inclusion in Analyst Reports – Highlights From 2025 So Far

Shopping Portal using Python Django & MySQL

Perficient Earns Adobe’s Real-time CDP Specialization

Valve Survey Reveals Slight Retreat in Steam-on-Linux Share

Valve Survey Reveals Slight Retreat in Steam-on-Linux Share

Review: Elecrow’s All-in-one Starter Kit for Pico 2

FOSS Weekly #25.38: GNOME 49 Release, KDE Drama, sudo vs sudo-rs, Local AI on Android and More Linux Stuff

CVE-2024-58135 – Mojolicious Weak HMAC Session Secret Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Microsoft is pushing its controversial Recall feature to Windows Insiders

CVE-2025-9674 – Transbyte Scooper News App Android Application Component Export Vulnerability

Roblox Faces Backlash for Banning YouTuber Who Aimed to Expose Platform Predators — and Threatens Legal Action

CVE-2025-34489 – GFI MailEssentials Remote Code Execution Vulnerability

Monster Hunter Wilds releases patch notes for its 1st Title Update

NVIDIA’s drivers are causing big problems for DOOM: The Dark Ages, but some fixes are available

How to Fix the Python ENOENT Error When Setting Up MCP Servers – A Complete Guide

Microsoft revolutionizes Edge as an AI-powered web browser with new experimental ‘Copilot Mode’ — here’s how to enable it right now

CVE-2024-58135 – Mojolicious Weak HMAC Session Secret Vulnerability

Related Posts