
Trog::TOTP EUVD-2026-30577 | CVE-2026-46474 HIGH
Insufficient Entropy (CWE-331)
2026-05-15 CPANSec GHSA-x5pc-h62r-4rgx
CVSS 3.1: 7.5

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

Analysis Generated: May 18, 2026 - 16:22 (vuln.today)
CVSS changed: May 18, 2026 - 16:22 (NVD), 7.5 (HIGH)
Patch available: May 15, 2026 - 19:02 (EUVD)
CVE Published: May 15, 2026 - 17:41 (nvd), UNKNOWN (no severity yet)

Description (NVD)

Trog::TOTP versions before 1.006 for Perl generate secrets using rand.

Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
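
The weakness class described above, shown as an added example; this is not code from Trog::TOTP or its 1.006 fix. The function names, the 32-character secret length, the seed value and the use of /dev/urandom (Unix-like systems) are assumptions made for illustration.

```perl
#!/usr/bin/env perl
# Added illustration of CWE-331 in secret generation. Hypothetical helpers,
# not taken from Trog::TOTP.
use strict;
use warnings;

my @B32 = ('A' .. 'Z', '2' .. '7');    # RFC 4648 base32 alphabet

# Weak pattern: every character is drawn from Perl's built-in rand().
# The whole output stream is a deterministic function of the srand() seed,
# so the secret carries no more entropy than the seed does.
sub weak_secret {
    my ($len) = @_;
    return join '', map { $B32[ int rand @B32 ] } 1 .. $len;
}

# Hardened pattern: draw the bytes from the kernel CSPRNG instead.
sub strong_secret {
    my ($len) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "open /dev/urandom: $!";
    my $buf = '';
    my $got = read $fh, $buf, $len;
    close $fh;
    die "short read from /dev/urandom\n" unless defined $got && $got == $len;
    # 256 is a multiple of 32, so keeping the low 5 bits of each byte
    # selects alphabet characters without bias.
    return join '', map { $B32[ $_ & 0x1f ] } unpack 'C*', $buf;
}

# Constructed demonstration: reseeding with the same value reproduces the
# same "secret", which is what makes rand()-derived secrets predictable.
srand(12345);
my $first = weak_secret(32);
srand(12345);
my $second = weak_secret(32);
print "rand(), same seed twice: ",
    ( $first eq $second ? "identical" : "different" ), "\n";

# Two CSPRNG-backed secrets are independent of any process-level seed.
my ( $s1, $s2 ) = ( strong_secret(32), strong_secret(32) );
print "urandom, two draws:      ",
    ( $s1 eq $s2 ? "identical" : "different" ), "\n";
```

Secrets already issued by an affected version keep their weakness after the upgrade, so re-enrolling those TOTP secrets is the step that removes the exposure.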

Analysis (AI)

Insufficient entropy in Trog::TOTP for Perl (versions before 1.006) allows remote attackers to predict TOTP secrets generated using Perl's built-in rand() function, undermining the security of two-factor authentication tokens issued by applications relying on this module. The flaw was reported by CPANSec and a fixed release (1.006) is available on CPAN. …


Remediation (AI)

Within 24 hours: Audit production and development systems for Trog::TOTP module usage and identify affected versions (< 1.006). Within 7 days: Update Trog::TOTP to version 1.006 or later from CPAN across all affected systems; coordinate with application owners and schedule testing. …
