Home

Description

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use. This key is intended for encrypting credit card transaction data.

PUBLISHED Reserved 2026-03-29 | Published 2026-03-31 | Updated 2026-03-31 | Assigner CPANSec

Problem types

CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator

CWE-693 Protection Mechanism Failure

Product status

Default status
unaffected

Any version
affected

References

www.openwall.com/lists/oss-security/2026/03/31/7

metacpan.org/.../Business/OnlinePayment/StoredTransaction.pm

security.metacpan.org/...action/0.01/CVE-2025-15618-r1.patch

cve.org (CVE-2025-15618)

nvd.nist.gov (CVE-2025-15618)

Download JSON