CVE-2026-6659 PUBLISHED

Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts

Assigner: CPANSec
Reserved: 20.04.2026 Published: 08.05.2026 Updated: 08.05.2026

Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts.

The built-in rand function is predictable, and unsuitable for cryptography.

Product Status

Vendor RSAVAGE
Product Crypt::PasswdMD5
Versions Default: unaffected
  • affected from 0 to 1.42 (incl.)

References

Problem Types

  • CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) CWE