Description

WWW::OAuth 1.000 and earlier for Perl uses the rand() function, which is not cryptographically secure, as the default source of entropy for cryptographic functions.

PUBLISHED Reserved 2025-04-16 | Published 2026-02-12 | Updated 2026-02-12 | Assigner CPANSec

Problem types

CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Product status

Default status: unaffected

Any version: affected

Credits

Robert Rothenberg (RRWO), finder

References

perldoc.perl.org/functions/rand

security.metacpan.org/...uides/random-data-for-security.html

metacpan.org/...BOOK/WWW-OAuth-1.000/source/lib/WWW/OAuth.pm

cve.org (CVE-2025-40905)

nvd.nist.gov (CVE-2025-40905)
