Perl Crypt::RandomEncryption Insecure Randomness Vulnerability

Vulnerability

A vulnerability exists in the Perl module Crypt::RandomEncryption, version 0.01, due to the use of the insecure rand() function for encryption. The rand() function is not cryptographically secure and can lead to predictable random values, making it unsuitable for security-sensitive applications such as encryption.

Impact

The vulnerability allows for predictable random values in the encryption process, potentially leading to unauthorized decryption or manipulation of encrypted data.

Remediation

Users are advised to switch to a cryptographically secure random number generator for encryption purposes. CPAN offers several modules that provide cryptographically secure random data, such as Crypt::URandom, Crypt::PRNG, and Crypt::OpenSSL::Random.
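The following is an added example, not code from Crypt::RandomEncryption or from this advisory. It contrasts key bytes drawn from rand() with key bytes drawn from Crypt::URandom. The helper names weak_key_bytes and strong_key_bytes and the seed value are assumptions made for illustration, and Crypt::URandom must be installed from CPAN.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::URandom qw(urandom);    # CPAN module named in the remediation text

# Weak pattern: key material taken from Perl's built-in rand().
# Hypothetical helper for illustration, not the module's own code.
sub weak_key_bytes {
    my ($len) = @_;
    return join '', map { chr(int(rand(256))) } 1 .. $len;
}

# Hardened pattern: key material taken from the operating system CSPRNG.
sub strong_key_bytes {
    my ($len) = @_;
    my $bytes = urandom($len);
    die "short read from urandom\n" unless length($bytes) == $len;
    return $bytes;
}

# rand() is a deterministic generator: once its seed is known or repeated,
# every "random" byte it produces is fixed in advance.
my $seed = 12345;                  # constructed value for the demonstration
srand($seed);
my $first = weak_key_bytes(16);
srand($seed);
my $second = weak_key_bytes(16);

printf "rand()  key 1: %s\n", unpack('H*', $first);
printf "rand()  key 2: %s\n", unpack('H*', $second);
printf "rand() keys identical for the same seed: %s\n",
    ($first eq $second ? 'yes' : 'no');

# urandom() has no caller-visible seed, so two requests are independent.
my $k1 = strong_key_bytes(16);
my $k2 = strong_key_bytes(16);

printf "urandom key 1: %s\n", unpack('H*', $k1);
printf "urandom key 2: %s\n", unpack('H*', $k2);
printf "urandom keys identical: %s\n", ($k1 eq $k2 ? 'yes' : 'no');
```

When auditing a codebase for this class of issue, any call to rand() or srand() on a path that produces keys, IVs, nonces, salts or tokens is a candidate for replacement with strong_key_bytes-style code.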

Added: Sep 30, 2025, 12:27 PM
Updated: Sep 30, 2025, 2:26 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.0
exploitability: 6.4
remediation: 0.0
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.