Crypt::SaltedHash Insecure Random Salt Generation Vulnerability

Vulnerability

A vulnerability exists in Crypt::SaltedHash versions through 0.09 for Perl: the module generates salts with Perl's built-in rand function. rand is a general-purpose pseudo-random number generator whose output is predictable from its seed or from previously observed values, so it is not suitable for cryptographic purposes and exposes users of the module to the risks described below.

Impact

Predictable salts weaken the protection a salt is meant to provide: an attacker who can reproduce or guess the salt values can precompute hashes for candidate passwords or reuse rainbow tables against the stored hashes, which is exactly what a random salt is supposed to prevent.

Remediation

Users should upgrade to Crypt::SaltedHash version 0.10, which addresses this vulnerability by generating salts with Crypt::SysRandom instead of rand, so that salt values come from a cryptographically secure, unpredictable random source.
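
The following Perl script is an added illustration, not code from Crypt::SaltedHash itself. It places a hypothetical reconstruction of the weak rand-based salt pattern next to a hardened version that draws the salt from Crypt::SysRandom's random_bytes, and shows why the weak form is a problem: once the rand seed is known, the "random" salts replay exactly. The salted_hash helper is a minimal SHA-256 construction written for this example; the exact encoding Crypt::SaltedHash uses is not reproduced here.

```perl
#!/usr/bin/env perl
# Added example (not Crypt::SaltedHash's own code): weak rand()-based salt
# generation beside the hardened Crypt::SysRandom form from the advisory.
use strict;
use warnings;
use Crypt::SysRandom qw(random_bytes);   # random_bytes($n): bytes from the OS CSPRNG
use Digest::SHA      qw(sha256);
use MIME::Base64     qw(encode_base64);

# Weak pattern (hypothetical reconstruction, not the module's exact code):
# rand() is a non-cryptographic PRNG, so a salt built from it is predictable
# to anyone who knows or can recover the seed state.
sub weak_salt {
    my ($len) = @_;
    return join '', map { chr(int(rand(256))) } 1 .. $len;
}

# Hardened pattern: the salt is drawn from the operating system's CSPRNG,
# which is what Crypt::SysRandom provides and what version 0.10 switches to.
sub secure_salt {
    my ($len) = @_;
    return random_bytes($len);
}

# Minimal salted hash for the demonstration: base64( sha256(password . salt) . salt ).
# The salt is stored alongside the digest so the hash can be verified later.
sub salted_hash {
    my ($password, $salt) = @_;
    return encode_base64(sha256($password . $salt) . $salt, '');
}

# Demonstrate predictability: reseeding rand() to the same value makes the
# weak generator emit the very same "random" salt twice.
srand(42);
my $first = weak_salt(16);
srand(42);
my $second = weak_salt(16);
printf "weak salts identical after reseeding: %s\n", $first eq $second ? 'yes' : 'no';

# The CSPRNG-backed generator has no seed to replay; consecutive salts differ.
my $s1 = secure_salt(16);
my $s2 = secure_salt(16);
printf "secure salts identical: %s\n", $s1 eq $s2 ? 'yes' : 'no';

printf "salted hash with secure salt: %s\n", salted_hash('example password', $s1);
```

Running it requires Crypt::SysRandom from CPAN; Digest::SHA and MIME::Base64 ship with core Perl. The srand call exists only to make the weakness visible in one run: in production no seed is set explicitly, but rand still has one, which is the whole point of the advisory.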

Added: May 20, 2026, 10:21 PM
Updated: May 20, 2026, 10:21 PM

Vulnerability Rating (Custom Algorithm)

spread          0.0
impact          0.6
exploitability  8.1
remediation     0.0
relevance       8.9
threat          3.2
urgency         2.9
incentive       4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.