CVE-2026-8647

Published: Mag 27, 2026 Last Modified: Mag 27, 2026

ExploitDB:

Other exploit source:

Google Dorks:

Description

AI Translation Available

Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available.

The random_bytes function fell back to using the built-in rand() function when none of the Perl modules Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random, or Bytes::Random::Secure were available.

338

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control

Potential Impacts:

Bypass Protection Mechanism

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: Medium

View CWE Details

https://metacpan.org/release/MIK/Crypt-ScryptKDF-0.011/chan…

https://metacpan.org/release/MIK/Crypt-ScryptKDF-0.011/changes

https://metacpan.org/release/MIK/Crypt-ScryptKDF-0.011/diff…

https://metacpan.org/release/MIK/Crypt-ScryptKDF-0.011/diff/MIK/Crypt-ScryptKDF…

CVE-2026-8647

Description

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Common Consequences

Applicable Platforms

Iscriviti alla newsletter