CVE-2026-57082
MediumCVSS 5.9Summary
The vulnerability in the Net::BitTorrent library for Perl (versions up to 2.0.1) generates the 160-bit Diffie-Hellman private key for the MSE handshake using a non-cryptographic PRNG (rand()). Since random padding is sent in cleartext from the same generator, a passive observer can recover the PRNG state, then the private key and RC4 keys, allowing decryption of the connection.
Risk Assessment
An organization using Net::BitTorrent with MSE risks complete decryption of traffic by a passive attacker, defeating MSE's passive-observation obfuscation and potentially leaking sensitive data.
Recommendation
Immediately update Net::BitTorrent to version 2.0.2 or later, which uses a cryptographically secure random number generator. If an update is not possible, disable MSE or replace the library with an alternative implementation.
Original NVD description (English source)
Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE (Message Stream Encryption) handshake derives its 160-bit Diffie-Hellman private key from Perl's rand(), a non-cryptographic drand48-class generator seeded once per process, in KeyExchange.pm. The shared secret and the RC4 keys derived from it (the SHA-1 of "keyA" or "keyB", the shared secret, and the infohash) therefore depend entirely on a predictable PRNG. The same handshake sends, in cleartext, random padding drawn from the same rand() sequence in _random_pad, immediately after the public key and the private-key draw. A passive observer of the handshake recovers the PRNG state from the cleartext padding, reconstructs the private key, computes the shared secret from the peer's public key on the wire, derives the RC4 keys, and decrypts the connection, defeating the passive-observation obfuscation MSE provides.

