/ 
Apache2-AuthAny-0.201
River stage zero No dependents
Security Advisories (1)
CVE-2025-40933 (2025-09-17)

Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely. Session ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.

Changes for version 0.201

  • Added missing LICENSE file

Modules

Apache2::AuthAny
Authentication with any provider or mechanism

Provides

Apache2::AuthAny::AuthUtil
in lib/Apache2/AuthAny/AuthUtil.pm
Apache2::AuthAny::AuthenHandler
in lib/Apache2/AuthAny/AuthenHandler.pm
Apache2::AuthAny::AuthzHandler
in lib/Apache2/AuthAny/AuthzHandler.pm
Apache2::AuthAny::Cookie
in lib/Apache2/AuthAny/Cookie.pm
Apache2::AuthAny::DB
in lib/Apache2/AuthAny/DB.pm
Apache2::AuthAny::FixupHandler
in lib/Apache2/AuthAny/FixupHandler.pm
Apache2::AuthAny::MapToStorageHandler
in lib/Apache2/AuthAny/MapToStorageHandler.pm
Apache2::AuthAny::RequestConfig
in lib/Apache2/AuthAny/RequestConfig.pm

Examples

Other files