CVE-2025-40920
BaseFortify
Publication date: 2025-08-11
Last updated on: 2025-11-04
Assigner: CPANSec
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| perl | catalyst_authentication_credential_http | 1.018 |
| perl | crypt_sysrandom | * |
| perl | data_uuid | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-338 | The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong. |
| CWE-340 | The product uses a scheme that generates numbers or identifiers that are more predictable than required. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl, where nonces used in HTTP authentication are generated insecurely using the Data::UUID library. Data::UUID produces version 3 UUIDs, which are derived from known information and do not use a strong cryptographic source, making the nonces predictable and unsuitable for security purposes. This violates the security requirements for nonce generation specified in RFC 7616, which mandates nonces be generated from a strong cryptographic source. The issue is that predictable nonces can undermine the security of the HTTP Digest Access Authentication mechanism, potentially allowing replay or other attacks. The vulnerability was fixed by replacing Data::UUID with Crypt::SysRandom, which generates cryptographically strong random bytes for nonce creation. [1, 2]
How can this vulnerability impact me?
Because the nonces are generated using a weak, predictable method, an attacker could potentially predict or reproduce nonce values used in HTTP Digest Access Authentication. This can lead to replay attacks or other authentication bypass techniques, compromising the security of systems using the affected Catalyst::Authentication::Credential::HTTP module. The vulnerability has a high impact on confidentiality, low impact on integrity, and low impact on availability, as indicated by the CVSS score. Essentially, it weakens the authentication mechanism, making it easier for attackers to impersonate legitimate users or intercept protected communications. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Catalyst::Authentication::Credential::HTTP Perl module to a version later than 1.018 that includes the patch replacing the insecure Data::UUID nonce generation with Crypt::SysRandom. This patch ensures nonces are generated from a strong cryptographic source, as required by RFC 7616. Specifically, the patch removes the Data::UUID usage and calls Crypt::SysRandom::random_bytes to generate secure 20-byte nonces, which are converted to hexadecimal strings. The update prevents predictable nonce generation and strengthens HTTP authentication security. [1, 2]
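One way to check a host against this advisory and to see the nonce format the fix is described as producing. This is an added example, not code from the advisory or from the module itself; the helper names `installed_status` and `secure_nonce` are hypothetical, and it assumes Crypt::SysRandom is installed.

```perl
#!/usr/bin/env perl
# Added example: audit the installed module against this advisory.
use strict;
use warnings;
use version;
use Module::Metadata;

my $MODULE        = 'Catalyst::Authentication::Credential::HTTP';
my $LAST_AFFECTED = version->parse('1.018');    # last affected release per the advisory

# Classify the installed copy without loading it (hypothetical helper).
sub installed_status {
    my $meta = Module::Metadata->new_from_module($MODULE)
        or return 'not installed';
    my $ver = $meta->version;
    return 'UNKNOWN: no $VERSION found in ' . $meta->filename
        unless defined $ver;

    # Secondary check: the fix is described as removing Data::UUID usage,
    # so a copy that still loads it deserves a manual look.
    open my $fh, '<', $meta->filename or die "cannot read source: $!";
    my $uses_uuid = grep { /^\s*(?:use|require)\s+Data::UUID\b/ } <$fh>;
    close $fh;

    return "AFFECTED: $ver <= $LAST_AFFECTED, upgrade required"
        if $ver <= $LAST_AFFECTED;
    return "CHECK: $ver still loads Data::UUID" if $uses_uuid;
    return "ok: $ver";
}

# Nonce in the shape the advisory describes for the fix: 20 bytes from the
# system CSPRNG, hex-encoded to 40 characters.
sub secure_nonce {
    require Crypt::SysRandom;
    my $nonce = unpack 'H*', Crypt::SysRandom::random_bytes(20);
    die 'unexpected nonce length' unless length($nonce) == 40;
    return $nonce;
}

printf "%s: %s\n", $MODULE, installed_status();
printf "sample nonce: %s\n", secure_nonce();
```

Run it with the same `perl` binary and library paths the Catalyst application uses, since a different interpreter may resolve a different copy of the module.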