Headline
GHSA-m98w-cqp3-qcqr: Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values
Summary
Critical security vulnerabilities exist in both the UUIDv4() and UUID() functions of the github.com/gofiber/utils package. When the system’s cryptographic random number generator (crypto/rand) fails, both functions silently fall back to returning predictable UUID values, including the zero UUID "00000000-0000-0000-0000-000000000000". This compromises the security of all Fiber applications using these functions for security-critical operations.
Both functions are vulnerable to the same root cause (crypto/rand failure):
UUIDv4(): Indirect vulnerability throughuuid.NewRandom()→crypto/rand.Read()→ fallback toUUID()UUID(): Direct vulnerability throughcrypto/rand.Read(uuidSeed[:])→ silent zero UUID return
Vulnerability Details
Affected Functions
- Package:
github.com/gofiber/utils - Functions:
UUIDv4()andUUID() - Return Type:
string(both functions) - Locations:
common.go:93-99(UUIDv4),common.go:60-89(UUID)
Technical Description
The vulnerability occurs through two related but distinct failure paths, both ultimately caused by crypto/rand.Read() failures:
Primary Path: UUIDv4() Vulnerability
UUIDv4()callsgoogle/uuid.NewRandom()which internally usescrypto/rand.Read()- If
uuid.NewRandom()fails due to entropy exhaustion,UUIDv4()falls back to the internalUUID()function - No error is returned to the application - silent security failure occurs
Secondary Path: UUID() Vulnerability
UUID()directly callscrypto/rand.Read(uuidSeed[:])to seed its internal state- If seeding fails,
UUID()silently fails and returns the zero UUID"00000000-0000-0000-0000-000000000000" - Applications receive predictable UUIDs with no indication of the security failure
Both functions are vulnerable to the same root cause (crypto/rand failure):
UUIDv4(): Indirect vulnerability throughuuid.NewRandom()→crypto/rand.Read()→ fallback toUUID()UUID(): Direct vulnerability throughcrypto/rand.Read(uuidSeed[:])→ silent zero UUID return
Code Analysis
UUIDv4() Vulnerability Path
// Vulnerable code in UUIDv4() - Indirect rand.Read() failure
func UUIDv4() string {
token, err := uuid.NewRandom() // Uses crypto/rand.Read() internally
if err != nil {
return UUID() // Dangerous fallback - no error returned to application
}
return token.String()
}
UUID() Vulnerability Path
// Vulnerable fallback function UUID() - Direct rand.Read() failure
func UUID() string {
uuidSetup.Do(func() {
if _, err := rand.Read(uuidSeed[:]); err != nil { // Direct crypto/rand.Read() call
return // Silent failure - no seeding, uuidCounter remains 0
}
uuidCounter = binary.LittleEndian.Uint64(uuidSeed[:8])
})
if atomic.LoadUint64(&uuidCounter) <= 0 {
return "00000000-0000-0000-0000-000000000000" // Zero UUID returned silently
}
// ... generate UUID from counter
}
Root Cause: Both vulnerabilities stem from crypto/rand.Read() failures, but occur through different code paths with the same dangerous silent failure behavior.
Security Impact
Severity: CRITICAL
This issue is especially severe because many Fiber middleware packages (session, CSRF, auth, rate-limit, request-ID, etc.) default to utils.UUIDv4() for generating security-sensitive identifiers. A failure in crypto/rand would cause every generated identifier across the entire application to collapse to a single predictable value (often the zero UUID), resulting in:
- Session fixation / universal session hijack
- CSRF token predictability and bypass
- Authentication token replay
- Global identifier collisions leading to severe application breakage
- Potential application-wide DoS due to every request using the same “unique” key, causing cache overwrites, session stomping, corrupted internal maps, and loss of isolation across all users
Attack Scenario
Importantly, while true entropy exhaustion is extremely rare on modern Linux systems, entropy access failures (e.g., restricted /dev/random//dev/urandom access, broken container environments, sandbox restrictions, misconfigured VMs, or FIPS-mode RNG failures) are more realistic failure modes. In these scenarios, crypto/rand may return errors immediately — triggering the vulnerable fallback paths.
Real-World Impact
- Session fixation or hijacking (predictable session IDs)
- CSRF token forging or bypass
- Authentication replay / token prediction
- Potential denial-of-service (DoS) key-based structures (sessions, rate-limits, caches, CSRF token stores) collapse into a single shared key if the zero UUID is returned, causing widespread overwrite, lock contention, or state corruption
- Request-ID collisions, undermining logging and trace integrity
- General compromise of confidentiality, integrity, and authorization logic relying on UUIDs for uniqueness or secrecy
Proof of Concept
The vulnerability can be demonstrated by examining the fallback behavior in the source code. When crypto/rand fails:
uuid.NewRandom()fails (indirectcrypto/rand.Read()failure)UUIDv4()callsUUID()as fallback with no error returnedUUID()seeding fails directly viacrypto/rand.Read(uuidSeed[:])- Zero UUID
"00000000-0000-0000-0000-000000000000"is returned silently - No error is propagated to the application from either function
Both UUIDv4() and UUID() exhibit the same dangerous silent failure behavior when crypto/rand is unavailable.
Affected Versions
- All versions of
github.com/gofiber/utilscontaining theUUIDv4()function - Applications using Fiber middleware that depend on
UUIDv4()for security
Mitigation
Immediate Workaround
Replace usage of utils.UUIDv4() with uuid.New() or wait for fix:
// Instead of:
sessionID := utils.UUIDv4()
// Use:
sessionID := uuid.New()
Recommended Fix
Modify utils.UUIDv4() and utils.UUID()to fail explicitly when cryptographic randomness is unavailable:
func UUIDv4() string {
token, err := uuid.NewRandom()
if err != nil {
panic(fmt.Sprintf("utils: failed to generate secure UUID: %v", err))
}
return token.String()
}
func UUID() string {
uuidSetup.Do(func() {
if _, err := rand.Read(uuidSeed[:]); err != nil {
panic(fmt.Sprintf("utils: failed to seed UUID generator: %v", err))
}
uuidCounter = binary.LittleEndian.Uint64(uuidSeed[:8])
})
if atomic.LoadUint64(&uuidCounter) <= 0 {
panic("utils: UUID generator not properly seeded")
}
// ... generate UUID from counter
}
Detection
Applications can detect if they’re affected by:
- Checking if they use
github.com/gofiber/utilspackage - Searching for
UUIDv4()usage in security-critical code paths - Reviewing middleware configurations that use UUIDv4 as defaults
or
- Checking to see if any Fiber middleware is used that relies on defaults of
UUIDv4()for security identifiers.
Contact
Reported by: @sixcolors
Classification
- OWASP: A02:2021 - Cryptographic Failures
- Impact: Complete compromise of application security model
- Exploitability: Medium (requires entropy exhaustion)
- Scope: All Fiber applications using affected middleware
Summary
Critical security vulnerabilities exist in both the UUIDv4() and UUID() functions of the github.com/gofiber/utils package. When the system’s cryptographic random number generator (crypto/rand) fails, both functions silently fall back to returning predictable UUID values, including the zero UUID "00000000-0000-0000-0000-000000000000". This compromises the security of all Fiber applications using these functions for security-critical operations.
Both functions are vulnerable to the same root cause (crypto/rand failure):
- UUIDv4(): Indirect vulnerability through uuid.NewRandom() → crypto/rand.Read() → fallback to UUID()
- UUID(): Direct vulnerability through crypto/rand.Read(uuidSeed[:]) → silent zero UUID return
Vulnerability Details****Affected Functions
- Package: github.com/gofiber/utils
- Functions: UUIDv4() and UUID()
- Return Type: string (both functions)
- Locations: common.go:93-99 (UUIDv4), common.go:60-89 (UUID)
Technical Description
The vulnerability occurs through two related but distinct failure paths, both ultimately caused by crypto/rand.Read() failures:
Primary Path: UUIDv4() Vulnerability
- UUIDv4() calls google/uuid.NewRandom() which internally uses crypto/rand.Read()
- If uuid.NewRandom() fails due to entropy exhaustion, UUIDv4() falls back to the internal UUID() function
- No error is returned to the application - silent security failure occurs
Secondary Path: UUID() Vulnerability
- UUID() directly calls crypto/rand.Read(uuidSeed[:]) to seed its internal state
- If seeding fails, UUID() silently fails and returns the zero UUID “00000000-0000-0000-0000-000000000000”
- Applications receive predictable UUIDs with no indication of the security failure
Both functions are vulnerable to the same root cause (crypto/rand failure):
- UUIDv4(): Indirect vulnerability through uuid.NewRandom() → crypto/rand.Read() → fallback to UUID()
- UUID(): Direct vulnerability through crypto/rand.Read(uuidSeed[:]) → silent zero UUID return
Code Analysis****UUIDv4() Vulnerability Path
// Vulnerable code in UUIDv4() - Indirect rand.Read() failure func UUIDv4() string { token, err := uuid.NewRandom() // Uses crypto/rand.Read() internally if err != nil { return UUID() // Dangerous fallback - no error returned to application } return token.String() }
UUID() Vulnerability Path
// Vulnerable fallback function UUID() - Direct rand.Read() failure func UUID() string { uuidSetup.Do(func() { if _, err := rand.Read(uuidSeed[:]); err != nil { // Direct crypto/rand.Read() call return // Silent failure - no seeding, uuidCounter remains 0 } uuidCounter = binary.LittleEndian.Uint64(uuidSeed[:8]) }) if atomic.LoadUint64(&uuidCounter) <= 0 { return “00000000-0000-0000-0000-000000000000” // Zero UUID returned silently } // … generate UUID from counter }
Root Cause: Both vulnerabilities stem from crypto/rand.Read() failures, but occur through different code paths with the same dangerous silent failure behavior.
Security Impact****Severity: CRITICAL
This issue is especially severe because many Fiber middleware packages (session, CSRF, auth, rate-limit, request-ID, etc.) default to utils.UUIDv4() for generating security-sensitive identifiers. A failure in crypto/rand would cause every generated identifier across the entire application to collapse to a single predictable value (often the zero UUID), resulting in:
- Session fixation / universal session hijack
- CSRF token predictability and bypass
- Authentication token replay
- Global identifier collisions leading to severe application breakage
- Potential application-wide DoS due to every request using the same “unique” key, causing cache overwrites, session stomping, corrupted internal maps, and loss of isolation across all users
Attack Scenario
Importantly, while true entropy exhaustion is extremely rare on modern Linux systems, entropy access failures (e.g., restricted /dev/random//dev/urandom access, broken container environments, sandbox restrictions, misconfigured VMs, or FIPS-mode RNG failures) are more realistic failure modes. In these scenarios, crypto/rand may return errors immediately — triggering the vulnerable fallback paths.
Real-World Impact
- Session fixation or hijacking (predictable session IDs)
- CSRF token forging or bypass
- Authentication replay / token prediction
- Potential denial-of-service (DoS) key-based structures (sessions, rate-limits, caches, CSRF token stores) collapse into a single shared key if the zero UUID is returned, causing widespread overwrite, lock contention, or state corruption
- Request-ID collisions, undermining logging and trace integrity
- General compromise of confidentiality, integrity, and authorization logic relying on UUIDs for uniqueness or secrecy
Proof of Concept
The vulnerability can be demonstrated by examining the fallback behavior in the source code. When crypto/rand fails:
- uuid.NewRandom() fails (indirect crypto/rand.Read() failure)
- UUIDv4() calls UUID() as fallback with no error returned
- UUID() seeding fails directly via crypto/rand.Read(uuidSeed[:])
- Zero UUID “00000000-0000-0000-0000-000000000000” is returned silently
- No error is propagated to the application from either function
Both UUIDv4() and UUID() exhibit the same dangerous silent failure behavior when crypto/rand is unavailable.
Affected Versions
- All versions of github.com/gofiber/utils containing the UUIDv4() function
- Applications using Fiber middleware that depend on UUIDv4() for security
Mitigation****Immediate Workaround
Replace usage of utils.UUIDv4() with uuid.New() or wait for fix:
// Instead of: sessionID := utils.UUIDv4()
// Use: sessionID := uuid.New()
Recommended Fix
Modify utils.UUIDv4() and utils.UUID()to fail explicitly when cryptographic randomness is unavailable:
func UUIDv4() string { token, err := uuid.NewRandom() if err != nil { panic(fmt.Sprintf("utils: failed to generate secure UUID: %v", err)) } return token.String() }
func UUID() string { uuidSetup.Do(func() { if _, err := rand.Read(uuidSeed[:]); err != nil { panic(fmt.Sprintf("utils: failed to seed UUID generator: %v", err)) } uuidCounter = binary.LittleEndian.Uint64(uuidSeed[:8]) }) if atomic.LoadUint64(&uuidCounter) <= 0 { panic(“utils: UUID generator not properly seeded”) } // … generate UUID from counter }
Detection
Applications can detect if they’re affected by:
- Checking if they use github.com/gofiber/utils package
- Searching for UUIDv4() usage in security-critical code paths
- Reviewing middleware configurations that use UUIDv4 as defaults
or
- Checking to see if any Fiber middleware is used that relies on defaults of UUIDv4() for security identifiers.
Contact
Reported by: @sixcolors
Classification
- OWASP: A02:2021 - Cryptographic Failures
- Impact: Complete compromise of application security model
- Exploitability: Medium (requires entropy exhaustion)
- Scope: All Fiber applications using affected middleware
References
- GHSA-m98w-cqp3-qcqr
- gofiber/utils@6c6cf04