CVE-2024-58134 – Mojolicious Default HMAC Session Secret Vulnerability

May 3, 2025

CVE ID : CVE-2024-58134

Published : May 3, 2025, 4:15 p.m. | 1 hour, 16 minutes ago

Description : Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the application’s class name, as a HMAC session secret by default.

These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user’s session.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-1495 – IBM Business Automation Workflow Information Disclosure Vulnerability

Next Article CVE-2024-41753 – IBM Cloud Pak for Business Automation Cross-Site Scripting Vulnerability

ScyllaDB X Cloud’s autoscaling capabilities meet the needs of unpredictable workloads in real time

Parasoft C/C++test 2025.1, Secure Code Warrior AI Security Rules, and more – Daily News Digest

What I Wish Someone Told Me When I Was Getting Into ARIA

SD Times 100

Clair Obscur: Expedition 33 is a masterpiece, but I totally skipped parts of it (and I won’t apologize)

This Xbox game emotionally wrecked me in less than four hours… I’m going to go hug my cat now

Top 5 desktop PC case features that I can’t live without — and neither should you

‘No aggressive monetization’ — Nexus Mods’ new ownership responds to worried members

Build AI Agents That Run Your Day – While You Focus on What Matters

Build AI Agents That Run Your Day – While You Focus on What Matters

Faster Builds in Meteor 3.3: Modern Build Stack with SWC and Bundler Optimizations

How to Change Redirect After Login/Register in Laravel Breeze

Clair Obscur: Expedition 33 is a masterpiece, but I totally skipped parts of it (and I won’t apologize)

Clair Obscur: Expedition 33 is a masterpiece, but I totally skipped parts of it (and I won’t apologize)

This Xbox game emotionally wrecked me in less than four hours… I’m going to go hug my cat now

Top 5 desktop PC case features that I can’t live without — and neither should you

CVE-2024-58134 – Mojolicious Default HMAC Session Secret Vulnerability

Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication

Kernel-level container insights: Utilizing eBPF with Cilium, Tetragon, and SBOMs for security

Make videos accessible with automated audio descriptions using Amazon Nova

CVE-2025-47539 – Themewinter Eventin Privilege Escalation Vulnerability

Will your Mac or Windows PC still get security updates in 2026? Check this chart

CVE-2025-32882 – GoTenna Encryption Malleability Vulnerability

Versa Patches 3 Concerto SD-WAN Vulnerabilities, Including a Perfect 10.0

5 reasons not to “hack back”

Key Considerations Before Outsourcing Your Mobile App Development

Cyberpunk 2077 sequel enters pre-production as Phantom Liberty crosses 10 million copies sold

CVE-2024-58134 – Mojolicious Default HMAC Session Secret Vulnerability

Related Posts