In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand() function, which is not cryptographically strong.
Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce.
The default nonce was generated using an MD5 hash of the epoch time, which is predictable.
Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely.
The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function
WWW::OAuth 1.000 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.
Amon2::Auth::Site::LINE uses the String::Random module to generate nonce values.
String::Random defaults to Perl's built-in predictable random number generator, the rand() function, which is not cry
Guzzle OAuth Subscriber signs Guzzle requests using OAuth 1.0. Prior to 0.8.1, Nonce generation does not use sufficient entropy nor a cryptographically secure pseudorandom source. This can leave serve
Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator.
Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initia
The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand(), which is not a strong random number generator, for cryptographic keys.
Net::Xero 0.044 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.
Specifically Net::Xero uses the Dat
Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library.
* Data::UUID does not use a strong cryptographic source for generat
Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not cryptographically strong, for cryptographic functions.
If the Provider is not specified and /dev/urandom or an Entro
The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand() if no strong randomization module is present.
Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter.
When no state generator is specified in the constructor, the module defaults to using a
The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.
Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() function during encryption.
Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.
Crypt::Salt for Perl version 0.01 uses insecure rand() function when generating salts for cryptographic purposes.
OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using
Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.
This issue affects
WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.
Specifically WebService::Xero
Page 1+ Next →