PT-2018-11228 · Ntop · Ntopng

Ioannis Profetis · Published 2018-07-05 · Updated 2024-02-10 · CVE-2018-12520

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: ntopng versions prior to 3.4.180617

Description: An issue was discovered where the pseudo-random number generator (PRNG) involved in generating session IDs is not seeded at program startup, resulting in deterministic session IDs for active user sessions. This allows an attacker with knowledge of the operating system, standard library, and target username to hijack a user's session and escalate their access.

Recommendations: For versions prior to 3.4.180617, update to version 3.4.180617 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of session hijacking.
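The two halves of the weakness in the description, as an added example that is not ntopng's code: a session-ID generator built on rand() that is never seeded, so every process start replays the same IDs, next to the hardened form that draws the ID bytes from the kernel CSPRNG. The function names and the 16-byte ID length are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define SESSION_BYTES 16                  /* 128 bits of session-ID material */
#define SESSION_HEX   (SESSION_BYTES * 2 + 1)

static void to_hex(const unsigned char *buf, size_t n, char *out)
{
    for (size_t i = 0; i < n; i++)
        sprintf(out + 2 * i, "%02x", buf[i]);  /* also writes the final NUL */
}

/* Vulnerable pattern: rand() without srand(). C specifies that an unseeded rand()
   behaves as if srand(1) were called, so every process start hands out the same IDs. */
void weak_session_id(char out[SESSION_HEX])
{
    unsigned char buf[SESSION_BYTES];
    for (size_t i = 0; i < sizeof buf; i++)
        buf[i] = (unsigned char)(rand() & 0xff);
    to_hex(buf, sizeof buf, out);
}

/* Hardened: take the bytes from the kernel CSPRNG. Seeding rand() with the clock
   would still leave IDs guessable; getrandom(2) or arc4random_buf() are equivalent. */
int strong_session_id(char out[SESSION_HEX])
{
    unsigned char buf[SESSION_BYTES];
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t got = fread(buf, 1, sizeof buf, f); fclose(f);
    if (got != sizeof buf) return -1;
    to_hex(buf, sizeof buf, out);
    return 0;
}

/* srand(1) stands in for a restart of the weak generator; returns 1 if two
   "restarts" hand out the same session ID. */
int weak_ids_repeat(void)
{
    char a[SESSION_HEX], b[SESSION_HEX];
    srand(1); weak_session_id(a);
    srand(1); weak_session_id(b);
    return strcmp(a, b) == 0;
}
int main(void)
{
    char id[SESSION_HEX];
    printf("weak IDs repeat across restarts: %s\n", weak_ids_repeat() ? "yes" : "no");
    if (strong_session_id(id) == 0) printf("CSPRNG session ID: %s\n", id);
    return 0;
}
```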

Related Identifiers

CVE-2018-12520
USN-4842-1

Affected Products

Ubuntu
Ntopng