CVE-2024-57835

Name of the Vulnerable Software and Affected Versions Amon2::Auth::Site::LINE versions up to 0.04

Description The issue concerns the use of a predictable random number generator. Amon2::Auth::Site::LINE utilizes the String::Random module to generate nonce values, which defaults to Perl's built-in rand() function. This function is not cryptographically secure.

Recommendations For Amon2::Auth::Site::LINE versions up to 0.04, consider using a cryptographically secure random number generator as a replacement for the String::Random module to mitigate the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.