Amon2 versions prior to 6.17 for Perl contain an insecure implementation of the random_string utility used for generating session identifiers, signing secrets, and CSRF tokens. The function relies on non‑cryptographic randomness; it attempts to read from /dev/urandom, but when that is unavailable it falls back to a construction that concatenates a SHA‑1 hash seeded with the built‑in rand() function, the process ID and a high‑resolution epoch time. Because the seed components have limited entropy or are predictable, the generated tokens can be reproduced or guessed, exposing the application to session hijacking or credential compromise. This weakness maps to CWE‑338 (Cryptographic Failure: Random Number Generation) and CWE‑340 (Cryptographic Failure: Lack of Cryptographic Randomness).

All official releases of the Perl module Amon2 distributed by TOKUHIROM that are older than 6.17 are affected. That includes the series 6.06 through 6.16, which use the insecure fallback logic, as well as earlier releases 6.04 and 6.05 that rely solely on rand(), and any pre‑6.04 versions with no fallback. Applications that import this module to produce session IDs, CSRF tokens, or signed cookie data are at risk; these typically include web frameworks and CGI scripts built upon Amon2.

The CVSS base score of 9.8 marks this as a critical vulnerability, yet the EPSS of less than 1% suggests a low likelihood of current exploitation, and the issue is not catalogued in CISA's Known Exploited Vulnerabilities list. Based on the description, it is inferred that an attacker could remotely compromise an application that generates or exposes tokens through HTTP endpoints, or locally for a user that can trigger token generation. No elevated privileges are required, and the exploitation depends solely on the lack of cryptographic randomness. Consequently, the risk escalates for any service that depends on Amon2 for security token generation.