Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
4DescriptionCVE.org
Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts.
These versions use the built-in rand function, which is predictable and unsuitable for cryptography.
AnalysisAI
Predictable salt generation in the Perl module Crypt::SaltedHash through version 0.09 weakens password hash storage by deriving salts from Perl's non-cryptographic rand() function. Attackers who obtain a salted hash database can predict or precompute salts, dramatically reducing the cost of offline brute-force or rainbow-table attacks against stored credentials. No public exploit identified at time of analysis and EPSS exploitation probability is negligible (0.01%), but the upstream maintainer has released a fix in version 0.10 that switches to a system CSPRNG.
Technical ContextAI
Crypt::SaltedHash is a Perl module on CPAN used to generate salted password hashes (SHA, SSHA, etc.) commonly consumed by LDAP-style authentication backends. The root cause maps to CWE-338 (Use of Cryptographically Weak Pseudo-Random Number Generator): the salt was assembled character-by-character from a 16-character hex alphabet using Perl's built-in rand(), which is a deterministic Mersenne-style PRNG seeded from low-entropy sources and is not suitable for security-sensitive output. The upstream patch (commit 9b68437d) replaces the rand()-based loop with Crypt::SysRandom::random_bytes(), drawing from the operating system's CSPRNG (e.g., /dev/urandom or getrandom on Linux) and hex-encoding the result, eliminating the predictability of generated salts.
RemediationAI
Vendor-released patch: Crypt::SaltedHash 0.10 - upgrade from CPAN (cpanm Crypt::SaltedHash) or pin the dependency to >=0.10 in cpanfile/dist.ini; the fix introduces Crypt::SysRandom and POSIX as new dependencies, so ensure these are available in production Perl environments before deploying. The upstream patch is documented at https://github.com/robrwo/perl-Crypt-SaltedHash/commit/9b68437d2cd420b819b3a795474c3870338d38d5 and release notes at https://metacpan.org/release/RRWO/Crypt-SaltedHash-0.10/changes, with discussion on oss-security at http://www.openwall.com/lists/oss-security/2026/05/20/22. If immediate upgrade is not possible, a compensating control is to override or monkey-patch the salt generator to draw from Crypt::URandom or Crypt::SysRandom directly, accepting the maintenance burden of a local patch; additionally, treat any hashes generated under <=0.09 as weakened and force a password reset / rehash on next successful login so that legacy weak-salt records are replaced with new ones generated by the patched code.
Same technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Critical| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31198
GHSA-h295-pfx3-r298