HIGH
RSAVAGE
CVE published 2026-05-08
CVE-2026-6659
Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts using the built-in rand function, which is predictable and unsuitable for cryptographic purposes. The vulnerability stems from the module's reliance on Perl's non-cryptographic rand() for salt generation in password hashing operations, enabling attackers to predict salt values and potentially accelerate password cra [truncated]