Use of a Broken or Risky Cryptographic Algorithm in froxlor/froxlor
Status: Valid
Oct 1st 2021
Froxlor uses microtime to seed uniqid, and the result is then hashed to produce the session token. Because microtime can be reasonably brute-forced or predicted, the token is recoverable, which allows a relatively large-scale account-takeover attack as well as accurate targeted ones. (Note that uniqid values are cryptographically insecure; PHP's own documentation states that the function does not generate cryptographically secure values.)
This vulnerability allows attackers to take over accounts.