========================================================================
CVE-2026-46473                                       CPAN Security Group
========================================================================

        CVE ID:  CVE-2026-46473
  Distribution:  Authen-TOTP
      Versions:  before 0.1.1

      MetaCPAN:  https://metacpan.org/dist/Authen-TOTP
      VCS Repo:  https://github.com/tchatzi/Authen-TOTP


Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand

Description
-----------
Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand.

Secrets were generated using Perl's built-in rand function, which is
predictable and unsuitable for security usage.

Problem types
-------------
- CWE-331 Insufficient Entropy

Solutions
---------
Upgrade to version 0.1.1 or later.

References
----------
https://metacpan.org/release/TCHATZI/Authen-TOTP-0.1.1/changes
https://github.com/tchatzi/Authen-TOTP/commit/d04f30cc6538d77fc6b6d550da450cf3017b8561.patch
