======================================================================== CVE-2026-6659 CPAN Security Group ========================================================================
CVE ID: CVE-2026-6659 Distribution: Crypt-PasswdMD5 Versions: through 1.42 MetaCPAN: https://metacpan.org/dist/Crypt-PasswdMD5 VCS Repo: https://github.com/ronsavage/Crypt-PasswdMD5 Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts Description ----------- Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function is predictable, and unsuitable for cryptography. Problem types ------------- - CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) References ---------- https://metacpan.org/release/RSAVAGE/Crypt-PasswdMD5-1.42/source/lib/Crypt/PasswdMD5.pm#L35-47
