Get a demo
AppSec with Zero Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

Insecure Usage of Version 1 GUID

Severity: Information
Summary#

Invicti detected that the application is using a version 1 GUID (often called UUID) in the cookie. UUIDs are just 128-bit pieces of data, that are displayed as (128/4) = 32 hexadecimal digits, like this: ba6eb330-4f7f-11eb-a2fb-67c34e9ac07c

Impact#

The GUID is generated in a predictable manner based on:

  • The current time
  • A randomly generated "clock sequence" which remains constant between GUIDs during the uptime of the generating system
  • A "node ID", which is generated based on the system's MAC address if it is available
Remediation#

Affected applications should update to version 4 of GUID.

Classifications#
, , ,

Select Category

OR

Search Vulnerability

Related Vulnerabilities

Related Articles

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works