CVE-2021-27913

Name of the Vulnerable Software and Affected Versions: Mautic versions prior to 3.3.4 Mautic versions prior to 4.0.0

Description: The function mt rand is used to generate session tokens, which is cryptographically flawed due to its pseudorandom nature. An attacker can exploit this flaw to enumerate session tokens for accounts not under their control. This could allow an attacker to takeover accounts at random by enumerating and using access tokens.

Recommendations: For Mautic versions prior to 3.3.4, update to version 3.3.4 or later. For Mautic versions prior to 4.0.0, update to version 4.0.0 or later. As a temporary workaround, consider disabling the use of mt rand for generating session tokens until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation. Avoid using the mt rand function for security-critical operations until the issue is resolved.