Description

Authen::TOTP versions before 0.1.1 for Perl generate secrets using Perl's built-in rand function, which is predictable and unsuitable for security use.
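The weakness class described above, shown as an added example that is not Authen::TOTP's code or its patch: a rand-based secret is fully determined by the PRNG seed, while a secret read from the operating system's CSPRNG is not. The function names `weak_secret` and `strong_secret` are hypothetical, and the hardened version assumes a Unix-like system that provides `/dev/urandom`.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# RFC 4648 base32 alphabet, the usual encoding for TOTP shared secrets.
my @B32 = ('A' .. 'Z', '2' .. '7');

# Weak pattern (constructed illustration, not the module's source):
# every character comes from rand(), so the whole secret is a pure
# function of the PRNG seed.
sub weak_secret {
    my ($chars) = @_;
    return join '', map { $B32[ int(rand(@B32)) ] } 1 .. $chars;
}

# Hardened pattern: take the bytes from the kernel CSPRNG instead.
sub strong_secret {
    my ($chars) = @_;
    open my $fh, '<:raw', '/dev/urandom'
        or die "cannot open /dev/urandom: $!";
    my $buf = '';
    my $got = read $fh, $buf, $chars;
    close $fh;
    die "short read from /dev/urandom\n"
        unless defined $got && $got == $chars;
    # 256 is a multiple of 32, so keeping the low 5 bits of each
    # byte selects a base32 symbol without bias.
    return join '', map { $B32[ $_ & 0x1f ] } unpack 'C*', $buf;
}

# Same seed, same "secret": the output carries no more entropy
# than the seed itself.
srand(12345);    # constructed seed, for demonstration only
my $first = weak_secret(32);
srand(12345);
my $second = weak_secret(32);
printf "rand, same seed twice:   %s\n",
    $first eq $second ? 'identical' : 'different';

# The CSPRNG-backed generator has no caller-visible seed to repeat.
my $third  = strong_secret(32);
my $fourth = strong_secret(32);
printf "urandom, two calls:      %s\n",
    $third eq $fourth ? 'identical' : 'different';
```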

PUBLISHED | Reserved 2026-05-14 | Published 2026-05-21 | Updated 2026-05-21 | Assigner CPANSec

Problem types

CWE-331 Insufficient Entropy

Product status

Default status: unaffected

Any version before 0.1.1: affected

References

metacpan.org/release/TCHATZI/Authen-TOTP-0.1.1/changes release-notes

github.com/...d04f30cc6538d77fc6b6d550da450cf3017b8561.patch patch

cve.org (CVE-2026-46473)

nvd.nist.gov (CVE-2026-46473)