CVE-2026-47372
CriticalSummary
Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. They use the built-in rand function, which is predictable and unsuitable for cryptography.
Risk Assessment
The use of predictable salts can lead to easier password cracking and reduced data security. Organizations may be vulnerable to attacks that exploit these weaknesses.
Recommendation
It is recommended to upgrade to a newer version of Crypt::SaltedHash that does not use the rand function for salt generation. Consider implementing more secure methods for generating random values.
Original NVD description (English source)
Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography.

