CVE-2025-15618

Published: Mar 31, 2026 Last Modified: Mar 31, 2026

ExploitDB:

Other exploit source:

Google Dorks:

Description

AI Translation Available

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key.

Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use.

This key is intended for encrypting credit card transaction data.

338

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control

Potential Impacts:

Bypass Protection Mechanism

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: Medium

View CWE Details

693

Protection Mechanism Failure

Draft

Abstraction: Pillar Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control

Potential Impacts:

Bypass Protection Mechanism

Applicable Platforms

Technologies: ICS/OT, Not Technology-Specific

View CWE Details

https://metacpan.org/dist/Business-OnlinePayment-StoredTran…

https://metacpan.org/dist/Business-OnlinePayment-StoredTransaction/source/lib/B…

https://security.metacpan.org/patches/B/Business-OnlinePaym…

https://security.metacpan.org/patches/B/Business-OnlinePayment-StoredTransactio…

CVE-2025-15618

Description

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Common Consequences

Applicable Platforms

Protection Mechanism Failure

Common Consequences

Applicable Platforms

Iscriviti alla newsletter