Description

It is possible to crack the token's hash and obtain the information it is masking because it is not generated using a secure cryptographic mechanism.

Impact

Reuse session tokens after 14 days created.

Recommendation

Generate a token with random components without sensitive information.

Threat

Anonymous attacker from the Internet with access to the hash.

Expected Remediation Time

⏱️ 60 minutes.

Requirements

Fixes