CVE-2026-46473
7.5 HIGHAuthen::TOTP versions before 0.1.1 for Perl generate secrets using rand
Published: 2026-05-21 · Last updated: 2026-05-21
Severity and scoring
- CVSS
- 7.5 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- CWE
- CWE-331
Description
Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-8700 — Crypt::DSA versions before 1.20 for Perl generate seeds using rand (7.3 HIGH)
- CVE-2026-46474 — Trog::TOTP versions before 1.006 for Perl generate secrets using rand (7.5 HIGH)
- CVE-2026-42155 — Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-com...
- CVE-2025-14972 — * Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat
- CVE-2026-7210 — `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML d... (9.8 CRITICAL)