CVE Catalog

CVE-2026-46473

High
Published: Translated: NVD NIST

Summary

Authen::TOTP versions before 0.1.1 for Perl generate secrets using the rand function, which is predictable and unsuitable for security usage.

Risk Assessment

The use of predictable secrets may lead to the compromise of systems relying on these secrets for authentication.

Recommendation

It is recommended to upgrade to Authen::TOTP version 0.1.1 or later to ensure the security of generated secrets.

Original NVD description (English source)

Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS