Lucene search
K

67 matches found

Cvelist
Cvelist
added 2025/07/16 2:4 p.m.17 views

CVE-2025-40919 Authen::DigestMD5 versions 0.01 through 0.04 for Perl generate the cnonce insecurely

Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely. The cnonce client nonce is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not...

0.00275EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/16 2:0 p.m.15 views

CVE-2025-40918 Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely

Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce client nonce is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, i...

0.00394EPSS
Exploits0References5
CVE
CVE
added 2025/07/16 2:0 p.m.44 views

CVE-2025-40918

Authen::SASL::Perl::DIGEST_MD5 (versions 2.04–2.1800) uses an insecure cnonce generator, composing the nonce from an MD5 of the PID, epoch time, and rand(), which weakens entropy below the RFC 2831-recommended 64 bits. Exploitation potential is supported by the CVSS data (Network, Low-to-Medium i...

6.5CVSS6.5AI score0.00394EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/07/16 2:0 p.m.3 views

CVE-2025-40918 Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely

Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce client nonce is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, i...

7.2AI score0.00394EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/07/16 12:0 a.m.5 views

PT-2025-29832 · Unknown · Authen::Digestmd5

Name of the Vulnerable Software and Affected Versions: Authen::DigestMD5 versions 0.01 through 0.02 Description: The cnonce client nonce is generated insecurely using an MD5 hash of the PID, the epoch time, and the built-in rand function. The PID originates from a limited set of numbers, and the...

6.5CVSS6.1AI score0.00275EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/07/16 12:0 a.m.6 views

Authen::DigestMD5 安全漏洞

Authen::DigestMD5 is a module in the Perl language from the Perl community. A security vulnerability exists in Authen::DigestMD5 versions 0.01 through 0.02, which stems from insecure cnonce generation...

6.5CVSS6.8AI score0.00275EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/07/16 12:0 a.m.5 views

PT-2025-29831

Name of the Vulnerable Software and Affected Versions Authen::SASL::Perl::DIGEST MD5 versions 2.04 through 2.1800 Description The cnonce client nonce is generated insecurely from an MD5 hash of the PID, the epoch time, and the built-in rand function. The PID originates from a limited set of...

6.5CVSS6.5AI score0.00394EPSS
Exploits0References32
Rockylinux
Rockylinux
added 2022/05/17 7:10 a.m.12 views

new packages: perl-Authen-SASL

An update is available for perl-Authen-SASL. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

2.2AI score
Exploits0
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.8 views

Mageia: Security Advisory (MGASA-2014-0167)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References4
CNNVD
CNNVD
added 2021/10/22 12:0 a.m.5 views

ANCOM WLAN Controller WLC-1000 跨站脚本漏洞

The ANCOM WLAN Controller WLC-1000 is an industrial control system. A security vulnerability exists in the ANCOM WLAN Controller WLC-1000 and WLC-4006 that allows an attacker to include multiple cross-site scripting vulnerabilities in the "/authen/start/" module via the user ID and password...

5.4CVSS5.5AI score0.00551EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2018/01/28 12:0 a.m.26 views

Debian: Security Advisory (DLA-988-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS7.2AI score0.01368EPSS
Exploits0References3
Debian
Debian
added 2017/06/16 10:40 a.m.79 views

[SECURITY] [DLA 988-1] rt-authen-externalauth security update

Package : rt-authen-externalauth Version : 0.10-4+deb7u1 CVE ID : CVE-2017-5361 It was discovered that RT::Authen::ExternalAuth, an external authentication module for Request Tracker, is vulnerable to timing side-channel attacks for user passwords. Only ExternalAuth in DBI database mode is...

5.9CVSS6.9AI score0.01368EPSS
Exploits0
Debian
Debian
added 2017/06/15 7:7 p.m.34 views

[SECURITY] [DSA 3883-1] rt-authen-externalauth security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3883-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 15, 2017 https://www.debian.org/security/faq -...

5.9CVSS7.1AI score0.01368EPSS
Exploits0
OpenVAS
OpenVAS
added 2017/06/15 12:0 a.m.36 views

Debian Security Advisory DSA 3883-1 (rt-authen-externalauth - security update)

It was discovered that RT::Authen::ExternalAuth, an external authentication module for Request Tracker, is vulnerable to timing side-channel attacks for user passwords. Only ExternalAuth in DBI database mode is vulnerable. OpenVAS Vulnerability Test $Id: deb3883.nasl 6682 2017-07-12 09:00:18Z...

4.3CVSS0.2AI score0.01368EPSS
Exploits0References1
OSV
OSV
added 2017/06/15 12:0 a.m.29 views

DSA-3883-1 rt-authen-externalauth - security update

Bulletin has no description...

5.9CVSS6.9AI score0.01368EPSS
Exploits0
OSV
OSV
added 2017/06/15 12:0 a.m.27 views

DLA-988-1 rt-authen-externalauth - security update

Bulletin has no description...

5.9CVSS6.9AI score0.01368EPSS
Exploits0
OpenVAS
OpenVAS
added 2017/06/14 12:0 a.m.27 views

Debian: Security Advisory (DSA-3883-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS7.2AI score0.01368EPSS
Exploits0References3
OSV
OSV
added 2014/04/09 5:30 a.m.7 views

MGASA-2014-0167 Updated perl-Authen-Captcha package uses randomly generated filenames

An issue in previous versions of perl-Authen-Captcha is that the generated public string file name of the picture for the captcha is merely a checksum of the secret string. It is trivial to break such short strings even using google instead of a rainbow table. This new version of...

7AI score
Exploits0References3
Mageia
Mageia
added 2014/04/09 5:30 a.m.15 views

Updated perl-Authen-Captcha package uses randomly generated filenames

An issue in previous versions of perl-Authen-Captcha is that the generated public string file name of the picture for the captcha is merely a checksum of the secret string. It is trivial to break such short strings even using google instead of a rainbow table. This new version of...

3.9AI score
Exploits0References2
OpenVAS
OpenVAS
added 2014/04/08 12:0 a.m.13 views

Fedora Update for perl-Authen-Captcha FEDORA-2014-4454

Check for the Version of perl-Authen-Captcha OpenVAS Vulnerability Test Fedora Update for perl-Authen-Captcha FEDORA-2014-4454 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/o...

0.1AI score
Exploits0References2
Rows per page
Query Builder