CVE-2025-40924: Perl Weak Entropy Seed Generation
Generating session seeds or cryptographic tokens using weak sources of entropy like `time` and `rand` leads to highly predictable values. An attacker can brute-force or correlate these inputs to guess the final output, leading to session hijacking. Use a true CSPRNG (e.g., Crypt::SysRandom or Math::Random::Secure) instead.
Provally CuratedPublic repositoryHighHigh confidenceVerifiedApache-2.0Generic
greprules fetch cve-2025-40924-perl-weak-entropy-seed-generation --engine opengrepDescription
Generating session seeds or cryptographic tokens using weak sources of entropy like `time` and `rand` leads to highly predictable values. An attacker can brute-force or correlate these inputs to guess the final output, leading to session hijacking. Use a true CSPRNG (e.g., Crypt::SysRandom or Math::Random::Secure) instead.
Community feedback
0 signals from signed-in users.
- Useful
- 0
- False positive
- 0
- Metadata
- 0