13 matches found
MetaCPAN Crypt::RandomEncryption 安全漏洞
MetaCPAN Crypt::RandomEncryption is a Perl library from the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN Crypt::RandomEncryption version 0.01, which stems from the use of an insecure rand function for encryption, which may result in insufficient encryption strength...
CVE-2024-58135
Mojolicious versions from 7.28 through 9.40 for Perl may generate weak HMAC session secrets. When creating a default app with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand function, and used for authenticating and protecting...
CVE-2024-58135
Mojolicious versions from 7.28 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand function, and...
CVE-2024-58135
Mojolicious (Perl) vulnerability CVE-2024-58135: default app skeleton generation using mojo generate app writes a weak HMAC session secret via the insecure rand() function, enabling potential brute-forcing of session keys. Affected: Mojolicious versions from 7.28 for Perl (and related 0.999922–9....
UBUNTU-CVE-2025-2814
Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to u...
CVE-2025-2814 Crypt::CBC versions between 1.21 and 3.05 for Perl may use insecure rand() function for cryptographic functions
Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to...
CVE-2024-56370 Net::Xero 0.044 and earlier for Perl uses insecure rand() function for cryptographic functions
Net::Xero 0.044 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Net::Xero uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Rand...
CVE-2024-58036 Net::Dropbox::API 1.9 and earlier for Perl uses insecure rand() function for cryptographic functions
Net::Dropbox::API 1.9 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Net::Dropbox::API uses the Data::Random library which specifically states that it is "Useful mostly for test...
CVE-2025-1805 Crypt::Salt for Perl uses insecure rand() function when generating salts for cryptographic purposes
Crypt::Salt for Perl version 0.01 uses insecure rand function when generating salts for cryptographic purposes...
CVE-2025-27552
DBIx::Class::EncodedColumn use the rand function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032...
CVE-2024-45723
The goTenna Pro ATAK Plugin does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if the broadcasted encryption key is captured over RF. This only applies to the optional broadcast ...
CVE-2024-45723
Summary: CVE-2024-45723 affects the goTenna Pro ATAK Plugin. The root cause is the use of a cryptographically weak pseudo-random number generator (not SecureRandom) when generating passwords for sharing cryptographic keys, enabling easier brute-force if the RF-broadcast key is captured. Affected ...
CVE-2024-47126
CVE-2024-47126 is confirmed via connected sources as a vulnerability in the goTenna Pro ecosystem where the app does not use SecureRandom when generating passwords to share cryptographic keys. The underlying flaw is a weak PRNG in the key-sharing flow, enabling a potential brute-force attack if t...