WWW::OAuth Cryptographic Entropy Vulnerability

Vulnerability

WWW::OAuth for Perl, in versions through 1.000, uses the built-in rand() function as the default source of entropy for cryptographic functions. rand() is not cryptographically secure, so cryptographic data generated from it cannot be relied on to be unpredictable.

Impact

The use of an insecure random number generator for cryptographic purposes can lead to predictable and easily guessable values, undermining the security of tokens, keys, and other sensitive data that rely on randomness.

Remediation

Users are advised to switch to a cryptographically secure random number generator. Several CPAN modules are available for this purpose, including Crypt::URandom, Crypt::PRNG, and Crypt::SysRandom.
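
The following is an added example, not code from WWW::OAuth or from this advisory. It contrasts a token built from rand() with one built from Crypt::URandom; the helper names weak_token and secure_token and the seed value are hypothetical, and Crypt::URandom is assumed to be installed from CPAN.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::URandom qw(urandom);    # one of the CPAN modules named above

# Hypothetical helper: hex token built from Perl's built-in rand().
# rand() is a seeded PRNG, so its output is a pure function of the seed.
sub weak_token {
    my ($len) = @_;
    return join '', map { sprintf('%02x', int(rand(256))) } 1 .. $len;
}

# Hypothetical helper: hex token built from operating-system randomness.
sub secure_token {
    my ($len) = @_;
    return unpack('H*', urandom($len));
}

# Returns 1 if the generator yields the same token twice after the
# process PRNG is reset to the same seed, 0 otherwise.
sub repeats_under_seed {
    my ($generator, $seed) = @_;
    srand($seed);
    my $first = $generator->(16);
    srand($seed);
    my $second = $generator->(16);
    return $first eq $second ? 1 : 0;
}

my $seed = 12345;    # constructed value for the demonstration

printf "rand()-based token repeats under the same seed:  %s\n",
    repeats_under_seed(\&weak_token, $seed) ? 'yes' : 'no';
printf "urandom()-based token repeats under the same seed: %s\n",
    repeats_under_seed(\&secure_token, $seed) ? 'yes' : 'no';

# Drop-in use: 16 random bytes, hex-encoded, for any value that must be
# unguessable.
print "example token: ", secure_token(16), "\n";
```

The same check works with Crypt::PRNG or Crypt::SysRandom by swapping the import and the call inside secure_token for that module's random_bytes function.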

Added: Feb 13, 2026, 12:32 AM
Updated: Feb 13, 2026, 12:32 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 7.0
remediation: 0.0
relevance: 3.1
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.