Description

A UUID (Universal Unique Identifier) also known as GUID is a 128-bit value used to uniquely identify an object or entity on the internet. This web application is using Version 1 UUIDs.

Version 1 UUIDs are generated in a predictable manner based on:

  • The current time
  • A randomly generated "clock sequence" which remains constant between GUIDs during the uptime of the generating system
  • A "node ID", which is generated based on the system's MAC address if it is available

Remediation

Replace Version 1 UUIDs with Version 4 UUIDs.

References

In GUID We Trust

RFC4122

Related Vulnerabilities

Python object deserialization of user-supplied data

File tampering

JSF ViewState client side storage

Java object deserialization of user-supplied data

Database User Has Admin Privileges

Severity

Medium

Classification

CWE-328 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Abuse Of Functionality Weak Crypto