PT-2026-33009

Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts. The make salt and make salt bcrypt methods will attept to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are unavailable, it will simpl...

📄 ABB Cylon FLXeon 9.3.5 uukl.js Predictable Salt / Weak Hashing Algorithm

The ABB Cylon FLXeon BACnet controller's /api/uukl.js module implements password verification and update mechanisms using the insecure MD5 hash function alongside weak salt generation via Math.random. This constitutes a cryptographic vulnerability where password hashes are susceptible to collisio...