Insecure Usage of Version 1 GUID

Severity: Information

Invicti detected that the application is using a version 1 GUID (often called UUID) in the cookie. UUIDs are just 128-bit pieces of data, that are displayed as (128/4) = 32 hexadecimal digits, like this: ba6eb330-4f7f-11eb-a2fb-67c34e9ac07c


The GUID is generated in a predictable manner based on:

  • The current time
  • A randomly generated "clock sequence" which remains constant between GUIDs during the uptime of the generating system
  • A "node ID", which is generated based on the system's MAC address if it is available

Affected applications should update to version 4 of GUID.

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works