CVE-2021-22948

Name of the Vulnerable Software and Affected Versions revive-adserver versions prior to 5.3.0

Description The issue is related to the generation of session IDs, which is based on the cryptographically insecure uniqid() PHP function. This could potentially allow an attacker to brute force session IDs and take over a specific account under certain circumstances.

Recommendations For versions prior to 5.3.0, update to version 5.3.0 or later to resolve the issue. As a temporary workaround, consider implementing additional security measures to protect against brute force attacks on session IDs.