HIGH
TEODESIAN
CVE published 2026-05-15
CVE-2026-46474
Trog::TOTP versions prior to 1.006 use Perl's built-in `rand` function for generating TOTP secrets, which is cryptographically predictable and unsuitable for security-sensitive operations. The vulnerability was disclosed on 2026-05-15 and last modified on 2026-05-18. The issue is classified as CWE-331 (Insufficient Entropy) with a CVSS 3.1 score of 7.5 (HIGH severity), indicating network-accessible attack [truncated]
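The weakness described above, as an added example that is not code from Trog::TOTP or from the advisory: a TOTP secret built with Perl's `rand` next to one drawn from the operating system's CSPRNG. The function names, the 20-byte secret length and the use of `/dev/urandom` (Unix-like systems only) are assumptions made for illustration; the page does not say how version 1.006 generates secrets.

```perl
#!/usr/bin/env perl
# Added example; not Trog::TOTP source. All names here are hypothetical.
use strict;
use warnings;

# RFC 4648 Base32 alphabet, the usual text encoding for TOTP shared secrets.
my @B32 = ('A' .. 'Z', '2' .. '7');

# Weak pattern (CWE-331): each character is picked with rand, a
# non-cryptographic PRNG whose whole output stream follows from its seed.
sub weak_secret {
    my ($chars) = @_;
    return join '', map { $B32[ int(rand(scalar @B32)) ] } 1 .. $chars;
}

# Encode raw bytes as unpadded Base32, five bits per output character.
sub base32_encode {
    my ($bytes) = @_;
    my $bits = unpack('B*', $bytes);
    $bits .= '0' x ((5 - length($bits) % 5) % 5);    # zero-fill the last group
    return join '', map { $B32[ oct("0b$_") ] } $bits =~ /(.{5})/g;
}

# Hardened pattern: take the secret bytes from the kernel CSPRNG.
# Assumption: a Unix-like system that provides /dev/urandom.
sub strong_secret {
    my ($nbytes) = @_;
    open(my $fh, '<:raw', '/dev/urandom')
        or die "cannot open /dev/urandom: $!";
    my $buf = '';
    my $got = read($fh, $buf, $nbytes);
    close($fh);
    # Fail closed: never fall back to rand on a short or failed read.
    die "short read from /dev/urandom\n"
        unless defined $got && $got == $nbytes;
    return base32_encode($buf);
}

# 20 bytes = 160 bits = 32 Base32 characters (assumed secret length).
print "weak   (rand):         ", weak_secret(32),   "\n";
print "strong (/dev/urandom): ", strong_secret(20), "\n";
```

Both outputs look equally random to the eye, which is why this class of bug is found by reviewing the code for `rand` and `srand` in secret-generation paths rather than by inspecting the generated secrets.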