Unknown · Net::Oauth · CVE-2025-22376
**Name of the Vulnerable Software and Affected Versions**
Net::OAuth versions prior to 0.29
**Description**
In Net::OAuth::Client, the default nonce attached to outgoing OAuth 1.0 requests is a 32-bit integer produced by Perl's built-in `rand()`, which is not a cryptographically secure pseudo-random number generator. In OAuth 1.0 the nonce, together with the timestamp, is what lets a server recognise and reject a replayed request, so the protocol relies on nonces being unique and not guessable. A generator that is predictable and limited to 2**32 distinct values does not provide that property: an attacker who can observe a few nonces can narrow down or predict later ones, and collisions become far more likely than with a properly generated random value.
**Recommendations**
Upgrade to Net::OAuth 0.29 or later, which no longer derives the default nonce from `rand()`. Check the installed version with `perl -MNet::OAuth -e 'print "$Net::OAuth::VERSION\n"'`; anything below 0.29 is affected. If you cannot upgrade immediately, do not rely on the client's default: generate the nonce yourself from a cryptographically secure source (for example Crypt::URandom or the operating system's random device) and pass it explicitly as the `nonce` parameter when constructing each request, so the weak default is never used. More generally, never use `rand()` for nonces, session identifiers or any other value that must be unpredictable, and check your own code for the same pattern.
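The following is an added example, not code from the Net::OAuth distribution: it shows the weak 32-bit `rand()` nonce beside a CSPRNG-backed replacement, and passes the secure value into Net::OAuth's documented request API so the client-side default is bypassed. The consumer key, secrets, token and URL are placeholders; Crypt::URandom is assumed optional, with a direct `/dev/urandom` read as the core-Perl fallback.

```perl
#!/usr/bin/env perl
# Added example (not Net::OAuth's own code): weak default-style nonce
# next to a CSPRNG-backed one, and an explicitly supplied nonce in a
# signed OAuth 1.0 request. Credentials and URL below are placeholders.
use strict;
use warnings;
use Net::OAuth;

# Weak: equivalent to what affected versions do. rand() is a
# non-cryptographic generator and the value space is only 2**32.
sub weak_nonce {
    return int( rand( 2**32 ) );
}

# Hardened: 16 bytes (128 bits) from the OS CSPRNG. Uses Crypt::URandom
# when installed, otherwise reads /dev/urandom with core Perl only.
# Dies rather than silently falling back to rand().
sub secure_nonce {
    my $n = 16;
    my $bytes;
    if ( eval { require Crypt::URandom; 1 } ) {
        $bytes = Crypt::URandom::urandom($n);
    }
    else {
        open my $fh, '<:raw', '/dev/urandom'
            or die "no CSPRNG available: $!";
        my $got = sysread( $fh, $bytes, $n );
        close $fh;
        die "short read from /dev/urandom"
            unless defined $got && $got == $n;
    }
    # Hex output is safe in Authorization headers and query strings.
    return unpack( 'H*', $bytes );
}

# Build and sign a "protected resource" request, passing our own nonce
# so Net::OAuth::Client's default generator is never consulted.
sub signed_request {
    my $req = Net::OAuth->request('protected resource')->new(
        consumer_key     => 'dpf43f3p2l4k3l03',   # placeholder
        consumer_secret  => 'kd94hf93k423kf44',   # placeholder
        token            => 'nnch734d00sl2jdk',   # placeholder
        token_secret     => 'pfkkdhi9sl3r4s00',   # placeholder
        request_url      => 'https://photos.example.net/photos',
        request_method   => 'GET',
        signature_method => 'HMAC-SHA1',
        timestamp        => time,
        nonce            => secure_nonce(),
        extra_params     => { file => 'vacation.jpg', size => 'original' },
    );
    $req->sign;
    return $req;
}

my $req = signed_request();
print "weak nonce (do not use): ", weak_nonce(), "\n";
print "secure nonce:            ", $req->nonce, "\n";
print "header: ", $req->to_authorization_header, "\n";
```

The 128-bit hex nonce is large enough that collisions are not a practical concern, and because it comes from the kernel's random device rather than a seeded user-space generator, observing earlier nonces gives no information about later ones. The same `nonce => secure_nonce()` argument applies to the request token and access token message types.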