Robert Rothenberg

**Name of the Vulnerable Software and Affected Versions** Crypt::PBKDF2 versions prior to 0.261630 **Description** The software uses a weak default algorithm and an insufficient number of iterations. The default algorithm is HMAC-SHA1, which is intended only for legacy systems. Additionally, the default configuration uses 1000 iterations, whereas 220,000 to 1,400,000 iterations are recommended depending on the selected algorithm. **Recommendations** Update to version 0.261630 or later.

**Name of the Vulnerable Software and Affected Versions** Net::CIDR::Set versions prior to 0.21 **Description** The software fails to validate IP addresses. The `add()` function calls the ` encode()` function to parse addresses; if the input does not resemble netmasks or network ranges, it is treated as a single IP address and passed back to itself as a 32-bit or 128-bit netmask. When a malformed IP address is provided, this process results in indefinite recursion, which can be exploited by an attacker to cause a denial of service. **Recommendations** Update to version 0.21.

**Name of the Vulnerable Software and Affected Versions** Crypt::ScryptKDF versions prior to 0.011 **Description** The software uses an insecure random number source when no Cryptographically Secure Pseudo-Random Number Generator (CSPRNG) module is available. Specifically, the `random bytes()` function falls back to the built-in `rand()` function if the modules `Crypt::PRNG`, `Crypt::OpenSSL::Random`, `Net::SSLeay`, `Crypt::Random`, or `Bytes::Random::Secure` are not present. **Recommendations** Update to a version later than 0.010.

Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the module from being a statsd client to using a separate statsd client. It defaults to using a version of Net::Statsd::Tiny that fixes a similar issue (CVE-2026-46720).

**Name of the Vulnerable Software and Affected Versions** Crypt::SaltedHash versions prior to 0.110.0 **Description** Crypt::SaltedHash for Perl is susceptible to timing attacks because it uses Perl's built-in `eq` comparison. Discrepancies in timing could be used to guess the underlying hash. **Recommendations** Update to version 0.110.0.

**Name of the Vulnerable Software and Affected Versions** Crypt::SaltedHash versions prior to 0.10 **Description** Crypt::SaltedHash for Perl generates insecure random values for salts because it utilizes the built-in `rand()` function, which is predictable and unsuitable for cryptographic purposes. **Recommendations** Update to a version later than 0.09.

**Name of the Vulnerable Software and Affected Versions** Template::Plugin::HTML versions prior to 3.103 **Description** Template::Plugin::HTML for Perl allows the injection of HTML and JavaScript. The `html filter()` function fails to escape single quotes, which enables code injection within HTML attributes enclosed in single quotes. For instance, a variable like `var` used in `<a id='ref' title='[% var | html %]'>` is not properly escaped. An attacker could provide a value such as ` ' onclick='while (true) { alert(1) }'` to execute scripts. The ability to inject arbitrary HTML and JavaScript is limited because angle brackets, ampersands, and double quotes remain escaped. **Recommendations** Update to a version later than 3.102. As a temporary workaround, avoid using single quotes for HTML attributes when utilizing the `html filter()` function.

**Name of the Vulnerable Software and Affected Versions** Web::Passwd version 0.03 **Description** Web::Passwd, a small CGI application for managing htpasswd files via the htpasswd command, allows remote code execution. The `user` parameter is not validated or escaped before being used as the final argument on the command line, which enables command injection. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Amazon::Credentials versions prior to 1.3.0 **Description** Amazon::Credentials stores credentials in an obfuscated form to prevent secrets from being accessed via a data dump of the object. The software uses a 64-bit key generated by the built-in `rand` function to encrypt these secrets. The `rand` function is predictable and unsuitable for cryptographic purposes. **Recommendations** Update to version 1.3.0 or later.

**Name of the Vulnerable Software and Affected Versions** Crypt::PasswdMD5 versions prior to 1.43 **Description** The software generates insecure random values for salts because the built-in `rand()` function is predictable and unsuitable for cryptographic purposes. **Recommendations** Update to a version later than 1.42.

**Name of the Vulnerable Software and Affected Versions** Apache::Session::Generate::ModUniqueId versions 1.54 through 1.94 **Description** Apache::Session::Generate::ModUniqueId uses the `UNIQUE ID` environment variable for session identifiers. This variable is generated by the Apache mod unique id plugin using the IPv4 address, process ID, epoch time, a 16-bit counter, and a thread index without obfuscation. Because the server IP, process IDs, and timestamps are often public or predictable, these session identifiers are insecure and unsuitable for security purposes. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dancer::Session::Abstract versions prior to 1.3523 **Description** Session IDs are generated insecurely by summing the character codepoints of the absolute pathname with the process ID, the epoch time, and a value from the built-in `rand()` function (returning a number between 0 and 999 billion), then concatenating the result three times. The absolute pathname may be guessed or known, the epoch time can be predicted or leaked via HTTP headers, and process IDs often come from a small, sequential set. Additionally, the `rand()` function is seeded with 32 bits, making it unsuitable for security purposes. This predictability allows an attacker to potentially gain unauthorized system access. **Recommendations** Update to a version later than 1.3522.

Name of the Vulnerable Software and Affected Versions Crypt::SecretBuffer versions prior to 0.019 Description The software is susceptible to timing attacks. For example, if used to store and compare plaintext passwords, discrepancies in timing could be used to guess the secret password. Recommendations Update to version 0.019.

**Name of the Vulnerable Software and Affected Versions** Solstice::Session versions prior to 1441 **Description** Session IDs are generated insecurely. The ` generateSessionID()` method, also used by the ` generateID()` method in Solstice::Subsession, produces an MD5 digest seeded by the epoch time, a random hash reference, the built-in `rand()` function, and the process ID. Because the epoch time can be guessed, stringified hash references contain predictable content, the `rand()` function is seeded by only 16-bits, and process IDs are drawn from a small set of numbers, the resulting session IDs are predictable. This could allow an attacker to gain unauthorized access to systems. **Recommendations** Update to a version later than 1440.

PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails (for example, on systems without the device, such as Windows), then it will emit a warning that recommends the user install Crypt::URandom, and then return a string of random bytes generated by the built-in rand function, which is unsuitable for cryptographic applications. This modules does not use the Crypt::URandom module, and installing it will not fix the problem. The random bytes are used for generating an initialisation vector (IV) to encrypt the cookie. A predictable IV may make it easier for malicious users to decrypt and tamper with the session data that is stored in the cookie.

**Name of the Vulnerable Software and Affected Versions** Apache::Session::Generate::MD5 versions through 1.94 **Description** The software generates session IDs insecurely. The default session ID generator uses an MD5 hash seeded with the built-in `rand()` function, the epoch time, and the process ID (`PID`). The `PID` comes from a limited set of numbers, and the epoch time may be guessed. The `rand()` function is not suitable for cryptographic purposes. Predictable session IDs could allow an attacker to gain unauthorized access to systems. **Recommendations** Update to a version of Apache::Session::Generate::MD5 later than 1.94.

**Name of the Vulnerable Software and Affected Versions** Net::NSCA::Client versions through 0.009002 **Description** Net::NSCA::Client for Perl utilizes an inadequate random number generator. Version 0.003 transitioned to using `Data::Rand::Obscure` instead of `Crypt::Random` for generating initialization vectors. `Data::Rand::Obscure` relies on Perl's built-in `rand()` function, which is not appropriate for cryptographic applications. **Recommendations** Versions prior to 0.009002 should be updated.

**Name of the Vulnerable Software and Affected Versions** Apache::SessionX versions through 2.01 **Description** Apache::SessionX generates session IDs insecurely. The default session ID generator returns an MD5 hash seeded with the built-in `rand()` function, the epoch time, and the process ID (`PID`). The `PID` comes from a limited set of numbers, and the epoch time may be predictable if not leaked from the HTTP Date header. The `rand()` function is not suitable for cryptographic purposes. Predictable session IDs could allow an attacker to gain unauthorized access to systems. **Recommendations** Update Apache::SessionX to a version later than 2.01.

**Name of the Vulnerable Software and Affected Versions** Smolder versions through 1.51 **Description** Smolder for Perl versions through 1.51 utilizes an insecure `rand()` function for cryptographic operations. Specifically, `Smolder::DB::Developer` employs the `Data::Random` library, which relies on the `rand()` function and is intended primarily for testing purposes, not for secure cryptographic applications. The `rand()` function is not a cryptographically secure source of entropy. **Recommendations** Versions prior to 1.52 should be updated.

**Name of the Vulnerable Software and Affected Versions** Concierge::Sessions versions 0.8.1 through 0.8.4 **Description** The `generate session id` function within Concierge::Sessions::Base defaults to insecure methods for generating session identifiers. Specifically, it uses the `uuidgen` command, which may fall back to Perl's `rand()` function if `uuidgen` fails, or generate time-based UUIDs if a high-quality random number source is unavailable. Both `rand()` and time-based UUIDs are predictable and unsuitable for security applications. The possession of these identifiers grants access, as per RFC 9562. There is no warning when `uuidgen` fails, potentially leading to the silent use of the insecure `rand()` function. **Recommendations** Upgrade to version 0.8.5 or later.