CNNVD-202602-2317 Information

CNNVD ID

CNNVD-202602-2317

Related CVE

CVE-2025-40905

• CNNVD Published: 2026-02-13

Description (Chinese)

MetaCPAN WWW::OAuth是MetaCPAN基金会的一个Perl身份验证库。 MetaCPAN WWW::OAuth 1.000及之前版本存在安全漏洞，该漏洞源于将rand函数用作加密函数的默认熵源，该源在加密上不安全。

Description (English)

MetaCPAN WWW: :OAuth is a Perl identification bank of the MetaCPAN Foundation. MetaCPAN WWW: :OAuth 1.000 and previous versions have a security loophole that originates from the use of the Brand function as the default entropy source for encryption functions, which is not secure for encryption.

Vulnerability Type

其他

Affected Vendor

MetaCPAN

Published

2026-02-13

Last Modified

2026-02-24

References

https://metacpan.org/release/DBOOK/WWW-OAuth-1.000/source/lib/WWW/OAuth.pm#L86 https://perldoc.perl.org/functions/rand https://security.metacpan.org/docs/guides/random-data-for-security.html http://www.openwall.com/lists/oss-security/2026/02/13/1