4 matches found
CVE-2025-40919
Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely. The cnonce client nonce is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not...
CVE-2025-40919
The CVE-2025-40919 entry concerns Authen::DigestMD5 for Perl, affecting versions 0.01–0.02. The vulnerability stems from generating the cnonce with an MD5 hash of the PID, epoch time, and Perl’s rand(), which can yield low-entropy values (PID from a small set and potentially guessable epoch time)...
CVE-2025-40919 Authen::DigestMD5 versions 0.01 through 0.04 for Perl generate the cnonce insecurely
Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely. The cnonce client nonce is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not...
CVE-2025-40919 Authen::DigestMD5 versions 0.01 through 0.04 for Perl generate the cnonce insecurely
Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely. The cnonce client nonce is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not...