Authen::TOTP Cryptographic Weakness Vulnerability

Vulnerability

A vulnerability exists in Authen::TOTP versions prior to 0.1.1 for Perl, where the generation of secret keys relied on Perl's built-in rand function. rand is a non-cryptographic generator whose output is predictable, so it is not suitable for producing authentication secrets. The vulnerability has been addressed in version 0.1.1, which replaces the random key generation with a cryptographically secure alternative from the Crypt::PRNG module.

Impact

Secrets generated by affected versions may be predictable to an attacker, which undermines the security of the two-factor authentication mechanism that Authen::TOTP implements.

Remediation

Users can upgrade to Authen::TOTP version 0.1.1, which is available on CPAN. This version replaces the insecure random number generation with a method from the Crypt::PRNG module, ensuring that secret keys are generated securely. Upgrading only fixes generation going forward: secrets created with earlier versions remain as predictable as they were and should be regenerated.
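As an added illustration (not code from Authen::TOTP or from this advisory), the weak rand()-based pattern appears beside the Crypt::PRNG-based pattern, with an RFC 6238 code computation to show the secret in use; the 20-byte secret length, the helper names and the use of MIME::Base32 and Digest::SHA are assumptions:

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Crypt::PRNG qw(random_bytes);   # CSPRNG from the CryptX distribution
use MIME::Base32 qw(encode_base32);
use Digest::SHA qw(hmac_sha1);

# Weak pattern (illustrative, not Authen::TOTP's actual code): perl's rand()
# has a small internal state and is not a cryptographic generator, so a
# secret assembled from it is predictable. This is the shape to look for
# when auditing code that mints OTP secrets.
sub weak_secret {
    my $len = shift // 20;
    return join '', map { chr(int(rand(256))) } 1 .. $len;
}

# Hardened pattern: draw the raw secret from Crypt::PRNG and base32-encode
# it for the provisioning URI / authenticator app.
sub strong_secret {
    my $len = shift // 20;           # 160 bits, matching SHA-1 HOTP/TOTP
    my $raw = random_bytes($len);
    return ($raw, encode_base32($raw));
}

# RFC 6238 TOTP (HMAC-SHA1, 30-second step, 6 digits) over a raw secret.
sub totp {
    my ($raw_secret, $time, $step, $digits) = @_;
    $step   //= 30;
    $digits //= 6;
    my $counter = int($time / $step);
    my $msg     = pack('N2', $counter >> 32, $counter & 0xFFFFFFFF);
    my $mac     = hmac_sha1($msg, $raw_secret);
    my $offset  = ord(substr($mac, -1)) & 0x0F;          # dynamic truncation
    my $code    = unpack('N', substr($mac, $offset, 4)) & 0x7FFFFFFF;
    return sprintf("%0${digits}d", $code % (10 ** $digits));
}

my ($raw, $b32) = strong_secret();
printf "base32 secret: %s\n", $b32;
printf "current code:  %s\n", totp($raw, time);
# RFC 6238 test vector: ASCII secret "12345678901234567890" at T=59 -> 287082
printf "rfc vector:    %s\n", totp('12345678901234567890', 59);
```

The last line reproduces the published RFC 6238 SHA-1 test vector, which is the quickest way to confirm the code derivation before wiring in a freshly generated secret.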

Added: May 21, 2026, 7:53 PM
Updated: May 21, 2026, 7:53 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          2.5
exploitability  8.1
remediation     0.0
relevance       9.0
threat          3.2
urgency         2.9
incentive       4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.