CVE-2024-58134 – Mojolicious Default HMAC Session Secret Vulnerability

May 3, 2025

CVE ID : CVE-2024-58134

Published : May 3, 2025, 4:15 p.m. | 1 hour, 16 minutes ago

Description : Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the application’s class name, as a HMAC session secret by default.

These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user’s session.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-1495 – IBM Business Automation Workflow Information Disclosure Vulnerability

Next Article CVE-2024-41753 – IBM Cloud Pak for Business Automation Cross-Site Scripting Vulnerability

Highlights

CVE-2025-20186 – “Cisco Wireless LAN Controller Lobby Ambassador Command Injection Vulnerability”

May 7, 2025

CVE ID : CVE-2025-20186

Published : May 7, 2025, 6:15 p.m. | 1 hour, 29 minutes ago

Description : A vulnerability in the web-based management interface of the Wireless LAN Controller feature of Cisco IOS XE Software could allow an authenticated, remote attacker with a lobby ambassador user account to perform a command injection attack against an affected device.

This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with privilege level 15.

Note: This vulnerability is exploitable only if the attacker obtains the credentials for a lobby ambassador account. This account is not configured by default.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

15 Essential Skills to Look for When Hiring Node.js Developers for Enterprise Projects (2025-2026)

African training program creates developers with cloud-native skills

React.js for SaaS Platforms: How Top Development Teams Help Startups Launch Faster

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

LastPass can now warn or block logins to shadow SaaS apps – here’s how

Get up to a year of Adobe Creative Cloud access for 40% off

Got 6 hours? This free AI training from Google and Goodwill can boost your resume today

Why I recommend this budget phone with a paper-like screen over ‘minimalist’ devices

Laravel Boost, your AI coding starter kit

Laravel Boost, your AI coding starter kit

Using GitHub Copilot in VS Code

Optimizely Mission Control – Part I

Top 20 kubectl Commands Every Kubernetes Beginner Must Know

Top 20 kubectl Commands Every Kubernetes Beginner Must Know

Microsoft’s record stock run collides with Nadella’s admission that 15,000 layoffs still ‘hurt’

Microsoft and Adobe Power Up Fantasy Premier League Fans with AI – Here’s How

CVE-2024-58134 – Mojolicious Default HMAC Session Secret Vulnerability

PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads

The Wild West of Shadow IT

CVE-2025-52046 – Totolink A3300R Command Injection Vulnerability

CVE-2025-3915 – Airtable Aeropage Sync for WordPress Unauthorized Data Deletion Vulnerability

Rilasciato OBS Studio 31.1: Supporto per Windows su Arm e nuove funzionalità

Could OpenAI’s rumored browser be a Chrome-killer? Here’s what I’m expecting

CVE-2025-20186 – “Cisco Wireless LAN Controller Lobby Ambassador Command Injection Vulnerability”

Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States

Chrome 140 Plans to Play Nicer with Wayland on Linux

Sam Altman Admits: ChatGPT’s New Personality Is “Annoying”, Fix Coming This Week

CVE-2024-58134 – Mojolicious Default HMAC Session Secret Vulnerability

Related Posts