
Amazon::Credentials CVE-2026-6146

EUVD-2026-29199 | MEDIUM
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CWE-338)
2026-05-11 | CPANSec | GHSA-mx57-4jmx-5cvf
CVSS 3.1: 5.3

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None

Lifecycle Timeline

4 events

Analysis Generated: May 13, 2026 - 15:59 (vuln.today)
CVSS changed: May 13, 2026 - 15:52 (NVD), 5.3 (MEDIUM)
CVE Published: May 11, 2026 - 19:12 (nvd), UNKNOWN (no severity yet)
CVE Published: May 11, 2026 - 19:12 (nvd), MEDIUM 5.3

Description (NVD)

Amazon::Credentials versions through 1.2.0 for Perl use rand to generate encryption keys.

Amazon::Credentials stores credentials in an obfuscated form to prevent access to the secrets from a data dump of the object.

Before version 1.3.0, the secrets were encrypted using a 64-bit key that was generated using the built-in rand function, which is predictable and unsuitable for cryptography.

Analysis (AI)

Amazon::Credentials for Perl versions through 1.2.0 uses the predictable built-in rand() function to generate 64-bit encryption keys for credential obfuscation, allowing attackers to recover stored credentials through key prediction rather than cryptographic attack. Affects Perl applications that depend on this library to protect AWS credentials and similar secrets in memory or serialized objects. …
