NVD Vulnerability Details: CVE-2024-58134
Modified
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Published At: 03 May, 2025 | 16:15
Updated At: 20 Oct, 2025 | 20:15

Mojolicious versions from 0.999922 for Perl use a hard-coded string, or the application's class name, as the HMAC session cookie secret by default. These predictable default secrets can be exploited by an attacker to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user's session.

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CPE Matches
Vendor: mojolicious
Product: mojolicious
Versions: from 0.999922 (inclusive) to 9.40 (inclusive)
CPE: cpe:2.3:a:mojolicious:mojolicious:*:*:*:*:*:perl:*:*
Weaknesses
CWE ID: CWE-321
Type: Secondary
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
CWE ID: CWE-331
Type: Secondary
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
References
Hyperlink: https://docs.mojolicious.org/Mojolicious/Guides/FAQ#What-does-Your-secret-passphrase-needs-to-be-changed-mean
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Resource: N/A
Hyperlink: https://github.com/hashcat/hashcat/pull/4090
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Resource: Issue Tracking, Patch
Hyperlink: https://github.com/mojolicious/mojo/pull/1791
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Resource: Issue Tracking, Patch
Hyperlink: https://github.com/mojolicious/mojo/pull/2200
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Resource: Issue Tracking, Patch
Hyperlink: https://github.com/mojolicious/mojo/pull/2252
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Resource: N/A
Hyperlink: https://lists.debian.org/debian-perl/2025/05/msg00016.html
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Resource: N/A
Hyperlink: https://lists.debian.org/debian-perl/2025/05/msg00017.html
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Resource: N/A
Hyperlink: https://lists.debian.org/debian-perl/2025/05/msg00018.html
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Resource: N/A
Hyperlink: https://medium.com/securing/baking-mojolicious-cookies-revisited-a-case-study-of-solving-security-problems-through-security-by-13da7c225802
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Resource: Third Party Advisory
Hyperlink: https://metacpan.org/release/SRI/Mojolicious-9.39/source/lib/Mojolicious.pm#L51
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Resource: Product
Hyperlink: https://www.synacktiv.com/publications/baking-mojolicious-cookies
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Resource: Exploit