
Use of a Broken or Risky Cryptographic Algorithm

Medium
Revive Adserver
Reported by 418sec

Vulnerability Details

Technical details and impact analysis

Use of a Broken or Risky Cryptographic Algorithm
revive-adserver uses a PRNG for session-token generation. This means that an attacker could theoretically generate session tokens at random and take over accounts at random. [This function does not generate cryptographically secure values, and should not be used for cryptographic purposes.](https://www.php.net/manual/en/function.uniqid.php)

Location: https://github.com/revive-adserver/revive-adserver/blob/6e665eac9b20ff21c167eae420b73a976f3bb52a/www/admin/lib-sessions.inc.php#L228

References: https://www.php.net/manual/en/function.uniqid.php

Impact

This vulnerability is capable of allowing mass account takeover by having attackers generate other users' session tokens.
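The following is an added example, not code from Revive Adserver or from the reporter. It places the pattern the report describes (a session token derived from uniqid(), which is seeded from the clock) beside the form a reviewer would ask for: a token drawn from PHP's CSPRNG via random_bytes(), compared with hash_equals() at validation time. The function names weakSessionToken, secureSessionToken and tokensMatch are hypothetical; the 32-byte token length is an assumption, chosen to give 256 bits of entropy.

```php
<?php
// Added example (not Revive Adserver code). Demonstrates why a clock-derived
// token is a risk and what the hardened replacement looks like.

// WEAK (the pattern the report describes): uniqid() returns a value built from
// the current time in microseconds. It is unique-ish, not unpredictable, and
// hashing it afterwards adds no entropy; an md5 of a guessable input is itself
// guessable. Hypothetical function name.
function weakSessionToken(): string
{
    return md5(uniqid('', true));
}

// HARDENED: random_bytes() reads from the operating system's CSPRNG
// (getrandom(2), /dev/urandom, CryptGenRandom, ...). 32 bytes = 256 bits,
// far beyond what an attacker can enumerate. Hypothetical function name;
// the length is an assumption.
function secureSessionToken(int $bytes = 32): string
{
    try {
        return bin2hex(random_bytes($bytes));
    } catch (Exception $e) {
        // random_bytes() throws when no secure source is available. Fail
        // closed rather than silently falling back to a weaker generator.
        throw new RuntimeException('No secure random source available', 0, $e);
    }
}

// Validation side: compare in constant time so the comparison itself does not
// leak how many leading characters of the stored token were matched.
function tokensMatch(string $stored, string $presented): bool
{
    return hash_equals($stored, $presented);
}

// Quick self-check when run directly.
$token = secureSessionToken();
printf("secure token: %s (%d hex chars)\n", $token, strlen($token));
var_dump(tokensMatch($token, $token));          // bool(true)
var_dump(tokensMatch($token, weakSessionToken())); // bool(false)
```

If the application relies on PHP's native sessions rather than a hand-rolled token, the equivalent defensive check is to confirm session.entropy settings are not overridden and to call session_regenerate_id(true) after authentication, so a token issued before login cannot be carried across the privilege boundary.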

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Use of a Broken or Risky Cryptographic Algorithm