Threats Tagged 'cwe-340'
View all threats tagged with 'cwe-340'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cwe-340'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-11374: CWE-340: Generation of Predictable Numbers or Identifiers in zohocorp manageengine_adselfservice_plusCVE-2026-11374 0 In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover. Join the discussion | CVE Database V5 | 06/23/2026, 08:19:30 UTC Added: 06/23/2026, 09:24:12 UTC |
CVE-2026-9733: CWE-340 Generation of Predictable Numbers or Identifiers in HAYAJO Mojolicious::Plugin::Web::Auth::OAuth2CVE-2026-9733 0 Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter. When no state generator is specified in the constructor, the module defaults to using a SHA-1 hash of predictable and low-entropy sources, including the epoch time (which is leaked via the HTTP Date header) and a call to Perl's built-in rand function. A predictable state allows an attacker to hijack another user's session through cross site request forgery (CSRF). Join the discussion | CVE Database V5 | 06/23/2026, 07:05:20 UTC Added: 06/23/2026, 08:09:14 UTC |
CVE-2026-9692: CWE-340 Generation of Predictable Numbers or Identifiers in HAYAJO Mojolicious::Sessions::StorableCVE-2026-9692 0 Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address of an anonymous hash, and the PID. These are predictable or low-entropy sources that are unsuitable for security purposes. Join the discussion | CVE Database V5 | 06/18/2026, 17:53:03 UTC Added: 06/18/2026, 18:52:19 UTC |
CVE-2026-42932: CWE-340 Generation of Predictable Numbers or Identifiers in Naxclow Smart Doorbell X3CVE-2026-42932 0 Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endpoint that reveals the current identifier high-water mark, the active fleet can be enumerated. Join the discussion | CVE Database V5 | 06/12/2026, 18:17:39 UTC Added: 06/12/2026, 18:55:14 UTC |
Showing 1 to 4 of 4 results