Affected versions of this package are vulnerable to Improper Authentication
via cookie enumeration. A low privilege user can perform a simple transformation of a cookie to obtain the random values inside it. If an attacker can discover a session cookie owned by an admin, then it is possible to brute force it with
O(n)=2n instead of
O(n)=n^x complexity, and steal the admin password.
There is no fixed version for