{"id":"CVE-2026-6659","summary":"Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts","details":"Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts.\n\nThe built-in rand function is predictable, and unsuitable for cryptography.","modified":"2026-07-15T01:49:00.443479369Z","published":"2026-05-08T17:17:01.357Z","related":["openSUSE-SU-2026:11000-1","openSUSE-SU-2026:21137-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/6xxx/CVE-2026-6659.json","unresolved_ranges":[{"extracted_events":[{"last_affected":"1.42"}],"source":"AFFECTED_FIELD"},{"extracted_events":[{"fixed":"1.42"}],"source":"DESCRIPTION"}],"cna_assigner":"CPANSec","cwe_ids":["CWE-338"]},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2026/05/08/17"},{"type":"WEB","url":"https://cpan.org/modules"},{"type":"WEB","url":"https://metacpan.org/release/RSAVAGE/Crypt-PasswdMD5-1.42/source/lib/Crypt/PasswdMD5.pm#L35-47"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/6xxx/CVE-2026-6659.json"},{"type":"ADVISORY","url":"https://metacpan.org/release/RSAVAGE/Crypt-PasswdMD5-1.43/changes"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6659"},{"type":"REPORT","url":"https://github.com/ronsavage/Crypt-PasswdMD5/pull/3"},{"type":"FIX","url":"https://github.com/ronsavage/Crypt-PasswdMD5/commit/a2f821637db0296082297aa4b02254ab08f0dc5e.patch"},{"type":"PACKAGE","url":"https://github.com/ronsavage/Crypt-PasswdMD5"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ronsavage/crypt-passwdmd5","events":[{"introduced":"0"},{"fixed":"a2f821637db0296082297aa4b02254ab08f0dc5e"}],"database_specific":{"source":"REFERENCES"}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-6659.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}