Skip to main content

Crypt::PasswdMD5 EUVDEUVD-2026-28809

| CVE-2026-6659 HIGH
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CWE-338)
2026-05-08 CPANSec GHSA-j539-xxc6-73wf
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
SUSE
HIGH
qualitative
Red Hat
6.1 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Analysis Generated
May 08, 2026 - 20:31 vuln.today
CVSS changed
May 08, 2026 - 19:22 NVD
7.5 (None) 7.5 (HIGH)
CVE Published
May 08, 2026 - 17:17 nvd
UNKNOWN (no severity yet)
CVE Published
May 08, 2026 - 17:17 nvd
HIGH 7.5

DescriptionCVE.org

Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts.

The built-in rand function is predictable, and unsuitable for cryptography.

AnalysisAI

Weak salt generation in Crypt::PasswdMD5 (Perl) through version 1.42 enables password hash cracking via predictable random values. The module uses Perl's built-in rand() function for salt generation instead of cryptographically secure random sources, allowing attackers to predict salt values and drastically reduce the computational cost of offline password cracking attacks. CVSS 7.5 (High) with network vector and no authentication required. SSVC assessment indicates the vulnerability is automatable with partial technical impact. EPSS and KEV data not provided, but the cryptographic weakness is architecturally exploitable wherever these password hashes are transmitted or stored in accessible locations.

Technical ContextAI

Crypt::PasswdMD5 is a Perl module implementing MD5-based Unix password hashing (crypt format). The vulnerability stems from CWE-338 (Use of Cryptographically Weak Pseudo-Random Number Generator). The module's salt generation routine uses Perl's rand() function, which implements a predictable linear congruential generator (LCG) unsuitable for security purposes. Cryptographic salts must be generated from secure random sources (like /dev/urandom or Crypt::Random) to ensure each password hash has sufficient entropy. Predictable salts allow attackers to precompute rainbow tables or significantly reduce the search space for brute-force attacks. The CPE identifier (cpe:2.3:a:rsavage:crypt::passwdmd5) confirms this affects Ron Savage's implementation. Source code reference points to lines 35-47 of PasswdMD5.pm where the insecure rand() call occurs.

RemediationAI

Upgrade to Crypt::PasswdMD5 version 1.43 or later when available (patch status not confirmed in provided data - verify current release version at https://metacpan.org/release/RSAVAGE/Crypt-PasswdMD5). If patched version is not yet released, implement immediate compensating controls: (1) Replace Crypt::PasswdMD5 with secure alternatives like Crypt::Bcrypt, Crypt::Argon2, or Authen::Passphrase which use cryptographically secure random sources and modern KDFs. This is the recommended long-term solution as MD5-based password hashing is itself deprecated. (2) If replacement is not immediately feasible, manually patch the salt generation code at lines 35-47 of PasswdMD5.pm to use Crypt::Random or reading from /dev/urandom instead of rand(). Trade-off: requires code modification and testing. (3) Force re-hashing of all existing passwords with secure implementation upon next user authentication. (4) Implement additional hash exposure controls: encrypt password databases at rest, use TLS for all authentication traffic, restrict database access with principle of least privilege, enable database access logging. Monitor for unusual password hash access patterns. Review oss-security mailing list discussion at http://www.openwall.com/lists/oss-security/2026/05/08/17 for community-developed patches and migration guidance.

More in Crypt

View all
CVE-2026-30909 CRITICAL
9.8 Mar 08

Perl Crypt::NaCl::Sodium module through 2.002 has potential integer overflows in cryptographic operations that could wea

CVE-2026-2588 CRITICAL
9.1 Feb 23

Integer overflow in Crypt::NaCl::Sodium Perl module through version 2.001 on 32-bit systems. The Sodium.xs binding casts

CVE-2026-58102 CRITICAL
9.1 Jul 13

Heap out-of-bounds read in the Crypt::OpenSSL::X509 Perl module (versions before 2.1.3) lets a crafted X.509 certificate

CVE-2026-9265 CRITICAL
9.1 Jun 20

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path. print_

CVE-2026-14570 HIGH
7.5 Jul 05

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, lead

CVE-2026-2597 HIGH
7.5 Feb 27

Heap buffer overflow in Crypt::SysRandom::XS before version 0.010 allows denial of service through negative length param

CVE-2026-30910 HIGH
7.5 Mar 08

Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows. Combined aead encryption, combined

CVE-2026-5086 HIGH
7.5 Apr 13

Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks. For example, if Crypt::SecretBuff

CVE-2026-58101 HIGH
7.5 Jul 13

Denial of service in the Crypt::OpenSSL::X509 Perl module before 2.1.3 lets a malformed X.509 certificate crash any Perl

CVE-2026-9638 HIGH
7.5 Jun 12

Predictable salt generation in the Perl Crypt::PBKDF2 module before version 0.261630 weakens the cryptographic strength

CVE-2026-8704 MEDIUM
6.5 May 15

File overwrite and information disclosure in Crypt::DSA through version 1.19 for Perl expose systems where user-controll

CVE-2017-20240 MEDIUM
5.9 Jun 12

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. Rated medium severity (CVSS 5.9), this

Vendor StatusVendor

SUSE

Severity: High

Share

EUVD-2026-28809 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy