Skip to main content

Crypt::SaltedHash CVE-2026-47372

| EUVDEUVD-2026-31198 CRITICAL
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CWE-338)
2026-05-20 9b29abf9-4ab0-4765-b253-1875cd9b441e GHSA-h295-pfx3-r298
9.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
SUSE
CRITICAL
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

4
Source Code Evidence Fetched
May 21, 2026 - 15:22 vuln.today
Analysis Generated
May 21, 2026 - 15:22 vuln.today
CVSS changed
May 21, 2026 - 15:22 NVD
9.1 (CRITICAL)
CVE Published
May 20, 2026 - 22:16 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts.

These versions use the built-in rand function, which is predictable and unsuitable for cryptography.

AnalysisAI

Predictable salt generation in the Perl module Crypt::SaltedHash through version 0.09 weakens password hash storage by deriving salts from Perl's non-cryptographic rand() function. Attackers who obtain a salted hash database can predict or precompute salts, dramatically reducing the cost of offline brute-force or rainbow-table attacks against stored credentials. No public exploit identified at time of analysis and EPSS exploitation probability is negligible (0.01%), but the upstream maintainer has released a fix in version 0.10 that switches to a system CSPRNG.

Technical ContextAI

Crypt::SaltedHash is a Perl module on CPAN used to generate salted password hashes (SHA, SSHA, etc.) commonly consumed by LDAP-style authentication backends. The root cause maps to CWE-338 (Use of Cryptographically Weak Pseudo-Random Number Generator): the salt was assembled character-by-character from a 16-character hex alphabet using Perl's built-in rand(), which is a deterministic Mersenne-style PRNG seeded from low-entropy sources and is not suitable for security-sensitive output. The upstream patch (commit 9b68437d) replaces the rand()-based loop with Crypt::SysRandom::random_bytes(), drawing from the operating system's CSPRNG (e.g., /dev/urandom or getrandom on Linux) and hex-encoding the result, eliminating the predictability of generated salts.

RemediationAI

Vendor-released patch: Crypt::SaltedHash 0.10 - upgrade from CPAN (cpanm Crypt::SaltedHash) or pin the dependency to >=0.10 in cpanfile/dist.ini; the fix introduces Crypt::SysRandom and POSIX as new dependencies, so ensure these are available in production Perl environments before deploying. The upstream patch is documented at https://github.com/robrwo/perl-Crypt-SaltedHash/commit/9b68437d2cd420b819b3a795474c3870338d38d5 and release notes at https://metacpan.org/release/RRWO/Crypt-SaltedHash-0.10/changes, with discussion on oss-security at http://www.openwall.com/lists/oss-security/2026/05/20/22. If immediate upgrade is not possible, a compensating control is to override or monkey-patch the salt generator to draw from Crypt::URandom or Crypt::SysRandom directly, accepting the maintenance burden of a local patch; additionally, treat any hashes generated under <=0.09 as weakened and force a password reset / rehash on next successful login so that legacy weak-salt records are replaced with new ones generated by the patched code.

Vendor StatusVendor

SUSE

Severity: Critical
Product Status
openSUSE Tumbleweed Fixed

Share

CVE-2026-47372 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy