WWW::OAuth 1.000 and earlier for Perl uses the rand() function, which is not cryptographically secure, as the default source of entropy for cryptographic functions.
Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generate_session_id function in Concierge::Sessions::Base defaults to using the uuidgen command to gene
Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely.
The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function
Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter.
When no state generator is specified in the constructor, the module defaults to using a
Crypt::Salt for Perl version 0.01 uses the insecure rand() function when generating salts for cryptographic purposes.
Crypt::PasswdMD5 versions through 1.42 for Perl generate insecure random values for salts.
The built-in rand function is predictable, and unsuitable for cryptography.
Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts.
These versions use the built-in rand function, which is predictable and unsuitable for cryptography.
Crypt::RandomEncryption for Perl version 0.01 uses the insecure rand() function during encryption.
Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts.
These versions use the built-in rand function, which is predictable and unsuitable for cryptography.
Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand.
Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
HTTP::Session2 versions through 1.09 for Perl do not validate the format of user-provided session ids, enabling code injection or other impact depending on the session backend.
For example, if an appli
Crypt::Random Perl package 1.05 through 1.55 may use the rand() function, which is not cryptographically strong, for cryptographic functions.
If the Provider is not specified and /dev/urandom or an Entro
Crypt::DSA versions before 1.20 for Perl generate seeds using rand.
Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
Web::API 2.8 and earlier for Perl uses the rand() function, which is not cryptographically secure, as the default source of entropy for cryptographic functions.
Specifically Web::API uses the Data::R
The devices are vulnerable to session hijacking due to insufficient
entropy in their session ID generation algorithm. The session IDs are
predictable, with only 32,768 possible values per user, which
Amon2::Auth::Site::LINE uses the String::Random module to generate nonce values.
String::Random defaults to Perl's built-in predictable random number generator, the rand() function, which is not cry
Catalyst::Plugin::Authentication versions before 0.10_027 for Perl are susceptible to session fixation attacks.
Catalyst::Plugin::Authentication does not automatically change the session id after auth
Trog::TOTP versions before 1.006 for Perl generate secrets using rand.
Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
Inadequate Encryption Strength vulnerability in Apache Answer.
This issue affects Apache Answer: through 1.4.0.
The ids generated using the UUID v1 version are to some extent not secure enough. It c
Crypt::ScryptKDF versions through 0.010 for Perl use an insecure random number source when no CSPRNG module is available.
The random_bytes function fell back to using the built-in rand() function when