CVE-2025-40918
BaseFortify
Publication date: 2025-07-16
Last updated on: 2025-11-04
Assigner: CPANSec
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| perl | digest_md5 | * |
| perl | digest_hmac_md5 | * |
| perl | authen_sasl | * |
| perl | authen_sasl | 2.1900 |
| perl | crypt_urandom | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-340 | The product uses a scheme that generates numbers or identifiers that are more predictable than required. |
| CWE-338 | The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl, where the client nonce (cnonce) is generated insecurely. The cnonce is created using an MD5 hash of the process ID (PID), the epoch time, and the built-in rand function. Since the PID comes from a small set of numbers and the epoch time can be guessed or leaked, and because the built-in rand function is not suitable for cryptographic purposes, the cnonce lacks sufficient entropy and can be predicted or reproduced by attackers. This weakens the security of the authentication process.
How can this vulnerability impact me? :
Because the cnonce is generated with insufficient entropy and can be predicted, attackers may be able to perform chosen plaintext attacks or bypass mutual authentication protections. This can lead to unauthorized access or compromise of authentication sessions that rely on the DIGEST_MD5 mechanism, potentially exposing sensitive information or allowing impersonation.