Bug#328919: apache: mod_usertrack generates non-random cookies
Package: apache
Severity: normal
mod_usertrack generates non-random cookies (see the source code and
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1534). I don't
think that this is a real security issue because mod_usertrack only uses
the cookies for invading user privacy, not for authentication (however,
there seems to be one Apache Perl module that uses these cookies for
some kind of session ID). The MITRE database seems to disagree, so
please check who's right. Thanks.
Reply to: