PT-2025-39923

Name of the Vulnerable Software and Affected Versions Crypt::RandomEncryption for Perl version 0.01 Description The Crypt::RandomEncryption Perl module version 0.01 utilizes an insecure rand function during encryption processes. This can compromise the security of encrypted data. Recommendations ...

FreeBSD : p5-Crypt-CBC -- Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (cd7f969e-6cb4-11f0-97c4-40b034429ecf)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cd7f969e-6cb4-11f0-97c4-40b034429ecf advisory. Lib-Crypt-CBC project reports: Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand...

CVE-2024-58135 Mojolicious versions from 7.28 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default

Mojolicious versions from 7.28 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand function, and...

CVE-2025-2814

Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to...

CVE-2025-2814 Crypt::CBC versions between 1.21 and 3.05 for Perl may use insecure rand() function for cryptographic functions

Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to...

CVE-2025-2814

CVE-2025-2814 affects Crypt::CBC for Perl versions 1.21–3.05, which may use the non-cryptographically secure rand() as the entropy source when /dev/urandom is unavailable. Several advisories confirm the issue and report a fix that sources randomness via Crypt::URandom instead of falling back to r...

CVE-2024-57835 Amon2::Auth::Site::LINE versions through 0.04 for Perl uses insecure rand() function for cryptographic functions

Amon2::Auth::Site::LINE uses the String::Random module to generate nonce values. String::Random defaults to Perl's built-in predictable random number generator, the rand function, which is not cryptographically secure...

CVE-2024-57868 Web::API 2.8 and earlier for Perl uses insecure rand() function for cryptographic functions

Web::API 2.8 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Web::API uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random...

BIT-JOOMLA-2021-23126 [20210301] - Core - Insecure randomness within 2FA secret generation

An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand function within the process of generating the 2FA secret...

CVE-2025-1805

CVE-2025-1805 affects Crypt::Salt for Perl 0.01, where an insecure rand() is used to generate cryptographic salts. The issue’s impact is described as partial in the assessment (base CVSS 5.3, MEDIUM). Exploitation details are not provided in the sources. Remediation is not specified; several entr...

CVE-2025-1860

Data::Entropy for Perl 0.007 and earlier use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...

CVE-2025-27552 DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand() function for salting password hashes in Crypt/Eksblowfish/Bcrypt.pm

DBIx::Class::EncodedColumn use the rand function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032...

CVE-2025-27551 DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand() function for salting password hashes in Digest.pm

DBIx::Class::EncodedColumn use the rand function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files lib/DBIx/Class/EncodedColumn/Digest.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032...

CVE-2025-1828 Perl's Crypt::Random module after 1.05 and before 1.56 may use rand() function for cryptographic functions

Crypt::Random Perl package 1.05 through 1.55 may use rand function, which is not cryptographically strong, for cryptographic functions. If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon egd service is not available Crypt::Random will default to use the...

CVE-2021-34430

Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic...