67 matches found
CVE-2025-40919 Authen::DigestMD5 versions 0.01 through 0.04 for Perl generate the cnonce insecurely
Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely. The cnonce client nonce is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not...
CVE-2025-40918 Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely
Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce client nonce is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, i...
CVE-2025-40918
Authen::SASL::Perl::DIGEST_MD5 (versions 2.04–2.1800) uses an insecure cnonce generator, composing the nonce from an MD5 of the PID, epoch time, and rand(), which weakens entropy below the RFC 2831-recommended 64 bits. Exploitation potential is supported by the CVSS data (Network, Low-to-Medium i...
CVE-2025-40918 Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely
Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce client nonce is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, i...
PT-2025-29832 · Unknown · Authen::Digestmd5
Name of the Vulnerable Software and Affected Versions: Authen::DigestMD5 versions 0.01 through 0.02 Description: The cnonce client nonce is generated insecurely using an MD5 hash of the PID, the epoch time, and the built-in rand function. The PID originates from a limited set of numbers, and the...
Authen::DigestMD5 安全漏洞
Authen::DigestMD5 is a module in the Perl language from the Perl community. A security vulnerability exists in Authen::DigestMD5 versions 0.01 through 0.02, which stems from insecure cnonce generation...
PT-2025-29831
Name of the Vulnerable Software and Affected Versions Authen::SASL::Perl::DIGEST MD5 versions 2.04 through 2.1800 Description The cnonce client nonce is generated insecurely from an MD5 hash of the PID, the epoch time, and the built-in rand function. The PID originates from a limited set of...
new packages: perl-Authen-SASL
An update is available for perl-Authen-SASL. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...
Mageia: Security Advisory (MGASA-2014-0167)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ANCOM WLAN Controller WLC-1000 跨站脚本漏洞
The ANCOM WLAN Controller WLC-1000 is an industrial control system. A security vulnerability exists in the ANCOM WLAN Controller WLC-1000 and WLC-4006 that allows an attacker to include multiple cross-site scripting vulnerabilities in the "/authen/start/" module via the user ID and password...
Debian: Security Advisory (DLA-988-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 988-1] rt-authen-externalauth security update
Package : rt-authen-externalauth Version : 0.10-4+deb7u1 CVE ID : CVE-2017-5361 It was discovered that RT::Authen::ExternalAuth, an external authentication module for Request Tracker, is vulnerable to timing side-channel attacks for user passwords. Only ExternalAuth in DBI database mode is...
[SECURITY] [DSA 3883-1] rt-authen-externalauth security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3883-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 15, 2017 https://www.debian.org/security/faq -...
Debian Security Advisory DSA 3883-1 (rt-authen-externalauth - security update)
It was discovered that RT::Authen::ExternalAuth, an external authentication module for Request Tracker, is vulnerable to timing side-channel attacks for user passwords. Only ExternalAuth in DBI database mode is vulnerable. OpenVAS Vulnerability Test $Id: deb3883.nasl 6682 2017-07-12 09:00:18Z...
DSA-3883-1 rt-authen-externalauth - security update
Bulletin has no description...
DLA-988-1 rt-authen-externalauth - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3883-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2014-0167 Updated perl-Authen-Captcha package uses randomly generated filenames
An issue in previous versions of perl-Authen-Captcha is that the generated public string file name of the picture for the captcha is merely a checksum of the secret string. It is trivial to break such short strings even using google instead of a rainbow table. This new version of...
Updated perl-Authen-Captcha package uses randomly generated filenames
An issue in previous versions of perl-Authen-Captcha is that the generated public string file name of the picture for the captcha is merely a checksum of the secret string. It is trivial to break such short strings even using google instead of a rainbow table. This new version of...
Fedora Update for perl-Authen-Captcha FEDORA-2014-4454
Check for the Version of perl-Authen-Captcha OpenVAS Vulnerability Test Fedora Update for perl-Authen-Captcha FEDORA-2014-4454 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/o...