4 matches found
CVE-2025-40920
creationtimestamp| type| source ---|---|--- 2025-08-11 22:22:37+00:00| seen| https://seclists.org/oss-sec/2025/q3/92 2025-08-11 22:22:37+00:00| seen| https://seclists.org/oss-sec/2025/q3/92 2025-08-11 22:22:37+00:00| seen| https://seclists.org/oss-sec/2025/q3/92 2025-08-11 22:22:37+00:00| seen|...
CVE-2025-40920
An insecure nonce generation flaw was found in the Catalyst::Authentication::Credential::HTTP perl module, where it does not use a strong cryptographic source for generating nonces. This flaw allows an attacker to decrypt communications. Mitigation Mitigation for this issue is either not availabl...
CVE-2025-40920
Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. Data::UUID does not use a strong cryptographic source for generating UUIDs. Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable...
CVE-2025-40920 Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl use insecurely generated nonces
Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. Data::UUID does not use a strong cryptographic source for generating UUIDs. Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable...