Tokuhirom

Researcher from CPANSec
#41702 of 53,634
6.5 total CVSS
Vulnerabilities · 1
PT-2026-22392
6.5
2026-02-27
Unknown · Http::Session2 · CVE-2026-3255
**Name of the Vulnerable Software and Affected Versions**

HTTP::Session2 versions prior to 1.12

**Description**

The software may generate weak session IDs using the `rand()` function. The session ID generator returns a SHA-1 hash seeded with the `rand()` function, epoch time, and the process ID (`PID`). The `rand()` function is not suitable for cryptographic purposes. If the `/dev/urandom` device is unavailable, the software reverts to this insecure method.

**Recommendations**

Update to version 1.12 or later.