PUBLISHED

CVE-2025-40920

Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl use insecurely generated nonces

Description

Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library.

* Data::UUID does not use a strong cryptographic source for generating UUIDs.
* Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562.
* The nonces should be generated from a strong cryptographic source, as per RFC 7616.
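The contrast the advisory draws, shown as an added Perl example (this is not code from Catalyst::Authentication::Credential::HTTP, nor from the linked patch): a nonce derived from Data::UUID, which is an identifier built from known inputs, beside a nonce drawn from the operating system's CSPRNG as RFC 7616 expects. The example assumes the Crypt::URandom and Data::UUID modules are installed; the helper names weak_nonce, strong_nonce and looks_reasonable are this example's own.

```perl
#!/usr/bin/env perl
# Added example, not part of the advisory or the affected module.
use strict;
use warnings;
use Data::UUID;
use Crypt::URandom qw(urandom);      # assumption: Crypt::URandom is available
use MIME::Base64 qw(encode_base64);

# The weak pattern the advisory describes: a UUID is an identifier, not a
# secret. Data::UUID does not draw on a cryptographic source, so the value
# is far more constrained than the 128 bits of its encoding suggest.
sub weak_nonce {
    my $ug = Data::UUID->new;
    return lc $ug->create_str;
}

# The hardened pattern: 16 bytes (128 bits) from /dev/urandom or the
# platform equivalent, encoded so it can sit in a WWW-Authenticate header.
sub strong_nonce {
    my $bytes = urandom(16);
    (my $nonce = encode_base64($bytes, '')) =~ tr{+/=}{-_}d;   # URL-safe, no padding
    return $nonce;
}

# A shape check a test suite can keep: 16 random bytes base64-encode to
# 22 characters once padding is stripped, all from the URL-safe alphabet.
sub looks_reasonable {
    my ($nonce) = @_;
    return length($nonce) == 22 && $nonce =~ /\A[A-Za-z0-9_-]+\z/;
}

my $n1 = strong_nonce();
my $n2 = strong_nonce();
die "nonces collided"  if $n1 eq $n2;       # two draws must never match
die "bad nonce shape"  unless looks_reasonable($n1);

print "Data::UUID-based nonce (do not use): ", weak_nonce(), "\n";
print "CSPRNG-based nonce:                 $n1\n";
```

The server still has to track or cryptographically bind the nonces it hands out (RFC 7616 suggests including a timestamp and a keyed hash so stale or forged nonces are rejected); random generation only removes the predictability problem this advisory is about.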

Reserved 2025-04-16 | Published 2025-08-11 | Updated 2025-08-11 | Assigner CPANSec

Problem types

CWE-340 Generation of Predictable Numbers or Identifiers

CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator

Product status

Default status
unaffected

0.06
affected

References

github.com/...ad2c03aad95406db4ce35dfb670664ebde004c18.patch patch

github.com/...Catalyst-Authentication-Credential-HTTP/pull/1 issue-tracking

metacpan.org/...b/Catalyst/Authentication/Credential/HTTP.pm

datatracker.ietf.org/doc/html/rfc9562

datatracker.ietf.org/doc/html/rfc7616

cve.org (CVE-2025-40920)

nvd.nist.gov (CVE-2025-40920)

https://cve.threatint.eu/CVE/CVE-2025-40920
