Description
Trog::TOTP versions before 1.006 for Perl generate secrets using rand.

Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
Published: 2026-05-15
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

Vendor Solution

Upgrade to version 1.006 or later.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 18 May 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 17 May 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Teodesian
Teodesian trog::totp
Vendors & Products Teodesian
Teodesian trog::totp

Fri, 15 May 2026 22:30:00 +0000

Type Values Removed Values Added
References

Fri, 15 May 2026 18:00:00 +0000

Type Values Removed Values Added
Description Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
Title Trog::TOTP versions before 1.006 for Perl generate secrets using rand
Weaknesses CWE-331
References

Subscriptions

Teodesian Trog::totp
cve-icon MITRE

Status: PUBLISHED

Assigner: CPANSec

Published:

Updated: 2026-05-18T15:01:38.271Z

Reserved: 2026-05-14T17:55:07.623Z

Link: CVE-2026-46474

cve-icon Vulnrichment

Updated: 2026-05-15T21:23:28.941Z

cve-icon NVD

Status : Deferred

Published: 2026-05-15T18:16:26.053

Modified: 2026-06-17T10:53:41.913

Link: CVE-2026-46474

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-18T16:30:05Z

Weaknesses