CVE-2025-15604: CWE-340 Generation of Predictable Numbers or Identifiers in TOKUHIROM Amon2
Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions. In versions 6.06 through 6.16, the random_string function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes by concatenating a SHA-1 hash seeded with the built-in rand() function, the PID, and the high resolution epoch time. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Before version 6.06, there was no fallback when /dev/urandom was not available. Before version 6.04, the random_string function used the built-in rand() function to generate a mixed-case alphanumeric string. This function may be used for generating session ids, generating secrets for signing or encrypting cookie session data and generating tokens used for Cross Site Request Forgery (CSRF) protection.
AI Analysis
Technical Summary
The vulnerability in Amon2 before version 6.17 arises from the random_string function's reliance on weak randomness sources when /dev/urandom is unavailable. Versions 6.06 to 6.16 attempt to generate random bytes by hashing a combination of the built-in rand() output, process ID, and high-resolution epoch time. Since these inputs are predictable or guessable, the resulting random strings can be predicted. Prior to 6.06, no fallback exists if /dev/urandom is missing, and before 6.04, the function solely used the built-in rand() for generating alphanumeric strings. This weakness affects security-critical functions such as session ID generation, cookie signing/encryption, and CSRF token creation, potentially compromising confidentiality, integrity, and availability.
Potential Impact
The vulnerability allows attackers to predict security tokens generated by the random_string function, including session IDs, cookie signing/encryption secrets, and CSRF tokens. This can lead to session hijacking, forgery of authenticated requests, and compromise of user data integrity and confidentiality. The CVSS score of 9.8 reflects critical impact on confidentiality, integrity, and availability with network attack vector and no required privileges or user interaction.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should avoid running Amon2 versions prior to 6.17 in environments where /dev/urandom may be unavailable or consider applying custom patches to ensure cryptographically secure randomness. Using external cryptographic libraries for random number generation is recommended as a temporary mitigation.
CVE-2025-15604: CWE-340 Generation of Predictable Numbers or Identifiers in TOKUHIROM Amon2
Description
Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions. In versions 6.06 through 6.16, the random_string function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes by concatenating a SHA-1 hash seeded with the built-in rand() function, the PID, and the high resolution epoch time. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Before version 6.06, there was no fallback when /dev/urandom was not available. Before version 6.04, the random_string function used the built-in rand() function to generate a mixed-case alphanumeric string. This function may be used for generating session ids, generating secrets for signing or encrypting cookie session data and generating tokens used for Cross Site Request Forgery (CSRF) protection.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in Amon2 before version 6.17 arises from the random_string function's reliance on weak randomness sources when /dev/urandom is unavailable. Versions 6.06 to 6.16 attempt to generate random bytes by hashing a combination of the built-in rand() output, process ID, and high-resolution epoch time. Since these inputs are predictable or guessable, the resulting random strings can be predicted. Prior to 6.06, no fallback exists if /dev/urandom is missing, and before 6.04, the function solely used the built-in rand() for generating alphanumeric strings. This weakness affects security-critical functions such as session ID generation, cookie signing/encryption, and CSRF token creation, potentially compromising confidentiality, integrity, and availability.
Potential Impact
The vulnerability allows attackers to predict security tokens generated by the random_string function, including session IDs, cookie signing/encryption secrets, and CSRF tokens. This can lead to session hijacking, forgery of authenticated requests, and compromise of user data integrity and confidentiality. The CVSS score of 9.8 reflects critical impact on confidentiality, integrity, and availability with network attack vector and no required privileges or user interaction.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should avoid running Amon2 versions prior to 6.17 in environments where /dev/urandom may be unavailable or consider applying custom patches to ensure cryptographically secure randomness. Using external cryptographic libraries for random number generation is recommended as a temporary mitigation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- CPANSec
- Date Reserved
- 2026-03-08T23:56:33.670Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 69c823142b68dbd88eadbff7
Added to database: 3/28/2026, 6:51:00 PM
Last enriched: 4/5/2026, 9:37:03 AM
Last updated: 5/12/2026, 10:38:47 AM
Views: 100
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.