21 matches found
OESA-2026-2423 perl-Authen-SASL security update
Authen::SASL::Perl is the pure Perl implementation of SASL mechanisms in the Authen::SASL framework. At the time of this writing it provides the client part implementation for the following SASL mechanisms. Security Fixes: Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl...
TencentOS Server 4: perl-Authen-SASL (TSSA-2025:0713)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0713 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Mageia: Security Advisory (MGASA-2025-0285)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated perl-Authen-SASL packages fix security vulnerability
Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. CVE-2025-40918...
SUSE: Security Advisory (SUSE-SU-2025:03088-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2025:03087-1)
The remote host is missing an update for the...
openSUSE Security Advisory (SUSE-SU-2025:03087-1)
The remote host is missing an update for the...
Medium: perl-Authen-SASL
Issue Overview: Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time m...
Security update for perl-Authen-SASL, perl-Crypt-URandom
This update for perl-Authen-SASL, perl-Crypt-URandom fixes the following issues: Changes in perl-Authen-SASL: CVE-2025-40918: insecurely generated client nonce bsc1246623 Changes in perl-Crypt-URandom: Shipped in version 0.540.0 0.54. Patch Instructions: To install this SUSE update use the SUSE...
SUSE-SU-2025:03088-1 Security update for perl-Authen-SASL, perl-Crypt-URandom
This update for perl-Authen-SASL, perl-Crypt-URandom fixes the following issues: Changes in perl-Authen-SASL: - CVE-2025-40918: insecurely generated client nonce bsc1246623 Changes in perl-Crypt-URandom: Shipped in version 0.540.0 0.54...
Security update for perl-Authen-SASL, perl-Crypt-URandom
This update for perl-Authen-SASL, perl-Crypt-URandom fixes the following issues: Changes in perl-Authen-SASL: CVE-2025-40918: Fixed insecurely generated client nonce bsc1246623 Changes in perl-Crypt-URandom: Included 0.540.0 for use by perl-Authen-SASL in SLE-15 jscPED-13306 / bsc1246623. Patch...
Medium: perl-Authen-SASL
Issue Overview: Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time m...
Linux Distros Unpatched Vulnerability : CVE-2025-40918
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of th...
perl-Authen-SASL-2.180.0-2.1 on GA media (moderate)
perl-Authen-SASL-2.180.0-2.1 on GA media Announcement ID: openSUSE-SU-2025:15385-1 Rating: moderate Cross-References: CVE-2025-40918 CVSS scores: CVE-2025-40918 SUSE : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2025-40918 SUSE : 8.2...
CVE-2025-40918
A client nonce (cnonce) generation flaw has been discovered in Authen::SASL::Perl::DIGEST_MD5. The cnonce is generated from an MD5 hash of the PID, the epoch time, and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed if it is not leaked fro...
CVE-2025-40918
Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, i...
CVE-2025-40918
Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, i...
CVE-2025-40918
creationtimestamp| type| source
---|---|---
2025-07-16 14:14:44+00:00| seen| https://seclists.org/oss-sec/2025/q3/47
2025-07-16 16:25:24+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3lu3tfkbd672d
2025-07-19 16:03:46+00:00| seen|...
CVE-2025-40918
Authen::SASL::Perl::DIGEST_MD5 (versions 2.04–2.1800) uses an insecure cnonce generator, composing the nonce from an MD5 of the PID, epoch time, and rand(), which weakens entropy below the RFC 2831-recommended 64 bits. Exploitation potential is supported by the CVSS data (Network, Low-to-Medium i...
CVE-2025-40918 Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely
Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, i...