CVE Catalog

CVE-2026-47372

Critical
Published: Translated: NVD NIST

Summary

Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. They use the built-in rand function, which is predictable and unsuitable for cryptography.

Risk Assessment

The use of predictable salts can lead to easier password cracking and reduced data security. Organizations may be vulnerable to attacks that exploit these weaknesses.

Recommendation

It is recommended to upgrade to a newer version of Crypt::SaltedHash that does not use the rand function for salt generation. Consider implementing more secure methods for generating random values.

Original NVD description (English source)

Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS