Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.
Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts.
These versions use the built-in rand function, which is predictable and unsuitable for cryptography.
Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts.
The _make_salt and _make_salt_bcrypt methods will attempt to load Crypt::URandom and then Bytes::Ra
In the OAuth library for nim prior to version 0.11, the `state` values generated by the `generateState` function do not have sufficient entropy. These can be successfully guessed by an attacker allowi
Ado::Sessions versions through 0.935 for Perl generate insecure session ids.
The session id is generated from a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PI
Crypt::Salt for Perl version 0.01 uses the insecure rand() function when generating salts for cryptographic purposes.
Starch versions 0.14 and earlier generate session ids insecurely.
The default session id generator returns a SHA-1 hash seeded with a counter, the epoch time, the built-in rand function, the PID, and
Web::API 2.8 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.
Specifically Web::API uses the Data::R
Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts.
These versions use the built-in rand function, which is predictable and unsuitable for cryptography.
Amon2::Auth::Site::LINE uses the String::Random module to generate nonce values.
String::Random defaults to Perl's built-in predictable random number generator, the rand() function, which is not cry
Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely.
The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function
PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generate random bytes insecurely.
PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom de
Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Pri
Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generate_session_id function in Concierge::Sessions::Base defaults to using the uuidgen command to gene
Catalyst::Plugin::Authentication versions through 0.10024 for Perl are susceptible to timing attacks.
These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess
The openml/openml.org web application version v2.0.20241110 uses predictable MD5-based tokens for critical user workflows such as signup confirmation, password resets, email confirmation resends, and
Crypt::RandomEncryption for Perl version 0.01 uses the insecure rand() function during encryption.
Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library.
* Data::UUID does not use a strong cryptographic source for generat
Crypt::DSA versions before 1.20 for Perl generate seeds using rand.
Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand.
Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.