Summary

Acunetix 360 detected that the application is using a version 1 GUID (often called UUID) in the cookie. UUIDs are just 128-bit pieces of data, that are displayed as (128/4) = 32 hexadecimal digits, like this: ba6eb330-4f7f-11eb-a2fb-67c34e9ac07c

Impact

The GUID is generated in a predictable manner based on:

  • The current time
  • A randomly generated "clock sequence" which remains constant between GUIDs during the uptime of the generating system
  • A "node ID", which is generated based on the system's MAC address if it is available

Remediation

Affected applications should update to version 4 of GUID.

Severity

Information

Classification

CWE-328 OWASP 2013-A9 OWASP 2017-A3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N