Name of the Vulnerable Software and Affected Versions:

Authen::SASL::Perl::DIGEST MD5 versions 2.04 through 2.1800

Description:

The `cnonce` (client nonce) is generated insecurely from an MD5 hash of the PID, the epoch time, and the built-in `rand` function. The PID originates from a limited set of numbers, and the epoch time may be predictable. The `rand` function is unsuitable for cryptographic purposes. According to RFC 2831, the `cnonce` should contain at least 64 bits of entropy to prevent chosen plaintext attacks and ensure mutual authentication.

Recommendations:

Versions prior to 2.1800 are affected.

Update to a version later than 2.1800.