Predictable Token Generation in RELATE Courseware Authentication

RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py's make_sign_in_key() function and exam.py's gen_ticket_code() function. This issue has been patched via commit 2f68e16.

Casky was already ahead

This CVE exploits attack patterns that Casky's 215matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.

Analysis

RELATE is a web-based courseware platform that uses weak random number generation for critical security tokens in its authentication and exam systems. The vulnerability exists in two functions: make_sign_in_key() generates predictable sign-in tokens, while gen_ticket_code() produces predictable exam access codes. This is a high-severity issue (CVSS 8.7) because attackers can forge authentication tokens and exam tickets without legitimate credentials, potentially gaining unauthorized access to student accounts, instructor privileges, and sensitive course materials. Educational institutions deploying RELATE are directly at risk, along with their students and instructors whose accounts could be compromised.

Casky's 215 mapped skills leverage Claude's extended reasoning to identify the patterns behind CWE-330 (Use of Insufficiently Random Values) and CWE-338 (Use of Cryptographically Weak Pseudo-Random Number Generator) exploitation under MITRE ATT&CK's TA0006 (Credential Access). Practitioners using Casky would detect this vulnerability through pattern recognition of suspicious token sequences in authentication logs, identification of token generation functions lacking cryptographic randomness, and behavioral analysis showing account access without corresponding login attempts. The AI-driven analysis would surface the root cause—inadequate random number generation—and flag the specific code paths (auth.py and exam.py) where tokens are created, enabling security teams to prioritize patching and audit for prior unauthorized access.

Live Threat IntelligenceComing soon

Casky Risk Score

—

EPSS Probability

—

Shodan Exposure

—

GreyNoise Signal

—

Composite risk scoring from EPSS, CISA KEV, Shodan, and GreyNoise — 21 security APIs correlated into a single Casky Risk Score. Coming in Casky Pro. Join early access →

215 Casky skills cover this attack pattern

These skills use Claude AI's reasoning model to surface findings in the same attack categories as CVE-2026-41505.

analyzing-cloud-storage-access-patterns

cloud security · low

Run

analyzing-malicious-url-with-urlscan

phishing defense · medium

Run

analyzing-office365-audit-logs-for-compromise

cloud security · low

Run

MITRE ATT&CK Techniques

TA0006

Investigate the attack patterns behind CVE-2026-41505

Casky has 215 skills that investigate the attack patterns behind CVE-2026-41505. Run one and get CVSS-scored findings in 3 minutes.

Run the skill that detects this →

X Instagram LinkedIn