CVE-2026-47372 PUBLISHED

Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts

Assigner: CPANSec
Reserved: 19.05.2026 Published: 20.05.2026 Updated: 21.05.2026

Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts.

These versions use the built-in rand function, which is predictable and unsuitable for cryptography.
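The difference between the two approaches, as an added example (not code from Crypt::SaltedHash or from its 0.10 fix): the helper names `weak_salt` and `strong_salt` are hypothetical, the seed is constructed for the demonstration, and the hardened variant assumes a Unix-like system that provides `/dev/urandom`.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Weak pattern (hypothetical helper, not the module's source): salt bytes
# drawn from the built-in rand(). rand() is a deterministic PRNG seeded
# through srand(), so the same seed always yields the same salt.
sub weak_salt {
    my ($len) = @_;
    return join '', map { chr(int(rand(256))) } 1 .. $len;
}

# Hardened pattern (hypothetical helper): salt bytes read from the kernel
# CSPRNG. Assumes /dev/urandom exists on this system.
sub strong_salt {
    my ($len) = @_;
    open(my $fh, '<:raw', '/dev/urandom')
        or die "cannot open /dev/urandom: $!";
    my $buf = '';
    while (length($buf) < $len) {
        my $n = read($fh, my $chunk, $len - length($buf));
        die "read from /dev/urandom failed: $!" unless defined $n;
        die "unexpected EOF on /dev/urandom"    if $n == 0;
        $buf .= $chunk;
    }
    close($fh);
    return $buf;
}

# Constructed demonstration: re-seeding with the same value reproduces
# the rand()-based salt byte for byte.
srand(1234);    # constructed seed
my $run1 = unpack('H*', weak_salt(4));
srand(1234);
my $run2 = unpack('H*', weak_salt(4));
printf "rand() salt, run 1:  %s\n", $run1;
printf "rand() salt, run 2:  %s (%s)\n", $run2,
    $run1 eq $run2 ? 'identical, reproducible from the seed' : 'differs';

# The CSPRNG-backed salt has no user-visible seed to replay.
printf "urandom salt, run 1: %s\n", unpack('H*', strong_salt(4));
printf "urandom salt, run 2: %s\n", unpack('H*', strong_salt(4));
```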

Product Status

Vendor: RRWO
Product: Crypt::SaltedHash
Versions: default status unaffected
  • affected from 0 to 0.09 (incl.)

Solutions

Upgrade to version 0.10 or later.

Problem Types

  • CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)