Lucene search
K

7 matches found

Fedora
Fedora
added 2026/07/05 1:10 a.m.6 views

[SECURITY] Fedora 44 Update: perl-Crypt-ScryptKDF-0.011-1.fc44

Scrypt is a password-based key derivation function like for example PBKDF2. Scrypt was designed to be "memory-hard" algorithm in order to make it expensive to perform large scale custom hardware attacks...

4.8CVSS5.9AI score0.00222EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/04 12:13 a.m.14 views

CVE-2026-8647

A flaw was found in perl-Crypt-ScryptKDF. The randombytes function in versions through 0.010 uses an insecure random number source when no cryptographically secure pseudorandom number generator CSPRNG module is available. This occurs because the function falls back to using the built-in rand...

4.8CVSS5.6AI score0.00222EPSS
Exploits0References2
CVE
CVE
added 2026/05/26 10:53 p.m.22 views

CVE-2026-8647

CVE-2026-8647 affects Crypt::ScryptKDF for Perl up to version 0.010. When no CSPRNG module is available, the random_bytes path falls back to Perl's built-in rand(), enabling insecure randomness in key derivation. The issue arises if Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random,...

4.8CVSS5.8AI score0.00222EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/26 10:53 p.m.12 views

CVE-2026-8647 Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available

Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available. The randombytes function fell back to using the built-in rand function when none of the Perl modules Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random, or...

5.8AI score0.00222EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 10:53 p.m.9 views

CVE-2026-8647

Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available. The randombytes function fell back to using the built-in rand function when none of the Perl modules Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random, or...

5.8AI score0.00222EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/26 10:53 p.m.13 views

EUVD-2026-32022

Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available. The randombytes function fell back to using the built-in rand function when none of the Perl modules Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random, or...

5.8AI score0.00222EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

Crypt::ScryptKDF 安全漏洞

Crypt::ScryptKDF is a Perl cryptography module developed by MIK’s individual developers. It supports Scrypt-based key derivation and cryptographic hash processing functions. Versions of Crypt::ScryptKDF prior to 0.010 contained security vulnerabilities, which stemmed from the use of insecure rand...

4.8CVSS5.8AI score0.00222EPSS
Exploits0References2
Rows per page
Query Builder