Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Insecure usage of Version 1 UUID/GUID - Vulnerability Database

Insecure usage of Version 1 UUID/GUID

Description

A UUID (Universal Unique Identifier) also known as GUID is a 128-bit value used to uniquely identify an object or entity on the internet. This web application is using Version 1 UUIDs.

Version 1 UUIDs are generated in a predictable manner based on:

  • The current time
  • A randomly generated "clock sequence" which remains constant between GUIDs during the uptime of the generating system
  • A "node ID", which is generated based on the system's MAC address if it is available

Remediation

Replace <strong>Version 1 UUIDs</strong> with <strong>Version 4 UUIDs</strong>.

References

In GUID We Trust
RFC4122

Related Vulnerabilities

WordPress plugin WPtouch insecure nonce generation High
Common tags: Abuse Of Functionality Weak Crypto
PHP mail function ASCII control character header spoofing vulnerability Medium
Common tags: Abuse Of Functionality
Padding oracle attack High
Common tags: Weak Crypto
Insecure Transportation Security Protocol Supported (TLS 1.1) Information
Common tags: Weak Crypto
Insecure Transportation Security Protocol Supported (TLS 1.0) High
Common tags: Weak Crypto

Severity

Medium

Classification

CWE-328
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Abuse Of Functionality
Weak Crypto