Description
Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter.

When no state generator is specified in the constructor, the module defaults to using a SHA-1 hash of predictable and low-entropy sources, including the epoch time (which is leaked via the HTTP Date header) and a call to Perl's built-in rand function.

A predictable state allows an attacker to hijack another user's session through cross site request forgery (CSRF).
Published: 2026-06-23
Score: 9.1 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from an insecure default state parameter in Mojolicious::Plugin::Web::Auth::OAuth2. When no custom state generator is supplied, the plugin creates a SHA‑1 hash of low‑entropy, predictable inputs such as the epoch time and Perl’s built‑in rand function. These state values can be guessed by an attacker, allowing a carefully crafted request to trick a user into authorizing an OAuth flow that the attacker controls. The predictable state enables classic cross‑site request forgery attacks that lead to session hijacking and unauthorized access to the victim’s authenticated session.

Affected Systems

Perl applications that use HAYAJO’s Mojolicious::Plugin::Web::Auth::OAuth2 version 0.17 or earlier are affected. The issue exists in all releases of the plugin up to but not including version 0.18. It impacts any project that relies on the plugin’s OAuth2 module for authentication without providing a custom state generator function.

Risk and Exploitability

The exploit requires an attacker to make a request to the OAuth2 endpoint, supply a forged state that matches the client’s predictable value, and redeem the response. No user interaction beyond the normal OAuth flow is needed, making the attack relatively straightforward in a browser context. With a CVSS score of 9.1, the vulnerability is regarded as high severity. The EPSS score of < 1% indicates low likelihood of exploitation, but the potential for session hijacking and impersonation grants this flaw a high practical risk. The vulnerability is not listed in CISA’s KEV catalog, and the CWE identifiers for Cryptographic Primitive Weakness (CWE‑338) and Random Number Generation Weakness (CWE‑340) underscore the seriousness of the flaw.

Generated by OpenCVE AI on June 24, 2026 at 11:30 UTC.

Remediation

Vendor Workaround

Users should specify a state_generator function in the plugin configuration that uses a secure CSPRNG such as Crypt::PRNG or (for Mojolicious 9.46 or later) the Mojo::Util::random_bytes function. For example, plugin 'Web::Auth', module => 'OAuth2', ... state_generator => sub { unpack("H*", Mojo::Util::random_bytes(20)) };


OpenCVE Recommended Actions

  • Apply the security patch from Metacpan (CVE-2026-9733-r2.patch) to replace the insecure default state generation logic.
  • Configure the plugin to use a secure random state generator, for example by setting state_generator => sub { unpack("H*", Mojo::Util::random_bytes(20)) } or using Crypt::PRNG.
  • Upgrade to a later release of Mojolicious::Plugin::Web::Auth::OAuth2 that defaults to a cryptographically secure state parameter if such a release becomes available.

Generated by OpenCVE AI on June 24, 2026 at 11:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Hayajo
Hayajo mojolicious::plugin::web::auth::oauth2
Vendors & Products Hayajo
Hayajo mojolicious::plugin::web::auth::oauth2

Tue, 23 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 23 Jun 2026 08:15:00 +0000

Type Values Removed Values Added
Description Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter. When no state generator is specified in the constructor, the module defaults to using a SHA-1 hash of predictable and low-entropy sources, including the epoch time (which is leaked via the HTTP Date header) and a call to Perl's built-in rand function. A predictable state allows an attacker to hijack another user's session through cross site request forgery (CSRF).
Title Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter
Weaknesses CWE-338
CWE-340
References

Subscriptions

Hayajo Mojolicious::plugin::web::auth::oauth2
cve-icon MITRE

Status: PUBLISHED

Assigner: CPANSec

Published:

Updated: 2026-06-23T14:18:05.692Z

Reserved: 2026-05-27T17:25:58.644Z

Link: CVE-2026-9733

cve-icon Vulnrichment

Updated: 2026-06-23T09:06:58.202Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T11:45:02Z

Weaknesses
  • CWE-338

    Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

  • CWE-340

    Generation of Predictable Numbers or Identifiers