Skip to main content

Amazon

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-6146 MEDIUM This Month

Amazon::Credentials for Perl versions through 1.2.0 uses the predictable built-in rand() function to generate 64-bit encryption keys for credential obfuscation, allowing attackers to recover stored credentials through key prediction rather than cryptographic attack. Affects Perl applications that depend on this library to protect AWS credentials and similar secrets in memory or serialized objects. No authentication required; exploitation requires access to the encrypted credential object and knowledge of the rand() seed.

Information Disclosure Amazon
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-6146
EPSS 0% CVSS 5.3
MEDIUM This Month

Amazon::Credentials for Perl versions through 1.2.0 uses the predictable built-in rand() function to generate 64-bit encryption keys for credential obfuscation, allowing attackers to recover stored credentials through key prediction rather than cryptographic attack. Affects Perl applications that depend on this library to protect AWS credentials and similar secrets in memory or serialized objects. No authentication required; exploitation requires access to the encrypted credential object and knowledge of the rand() seed.

Information Disclosure Amazon
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy