FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

p5-Catalyst-Authentication-Credential-HTTP -- Insecure source of randomness

Affected packages
p5-Catalyst-Authentication-Credential-HTTP < 1.019

Details

VuXML ID c323bab5-80dd-11f0-97c4-40b034429ecf
Discovery 2025-08-11
Entry 2025-08-24

perl-catalyst project reports:

Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. * Data::UUID does not use a strong cryptographic source for generating UUIDs.* Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562. * The nonces should be generated from a strong cryptographic source, as per RFC 7616.

[source]

References

CVE Name CVE-2025-40920
URL https://nvd.nist.gov/vuln/detail/CVE-2025-40920

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.