CVE-2026-47372
Received
Received - Intake
Insecure Random Salt Generation in Crypt::SaltedHash Perl Module
Publication date: 2026-05-20
Last updated on: 2026-05-20
Assigner: CPANSec
Description
Description
Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts.
These versions use the built-in rand function, which is predictable and unsuitable for cryptography.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| crypt | saltedhash | to 0.09 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-338 | The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
Because the salts are generated using a predictable random function, the security of hashed data can be compromised.
Attackers may be able to predict salt values, making it easier to perform attacks such as precomputed hash attacks or rainbow table attacks.
Can you explain this vulnerability to me?
Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts.
These versions use the built-in rand function, which is predictable and unsuitable for cryptography.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70