Описание
WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.
Specifically WebService::Xero uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random uses the rand() function.
Ссылки
- Product
- Product
- https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent.pm#L178Product
- Product
- Product
- Product
- Product
Уязвимые конфигурации
Конфигурация 1Версия до 0.11 (включая)
cpe:2.3:a:localshop:webservice\:\:xero:*:*:*:*:*:perl:*:*
EPSS
Процентиль: 29%
0.00102
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-338
CWE-338
Связанные уязвимости
CVSS3: 5.5
github
4 месяца назад
WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically WebService::Xero uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random uses the rand() function.
EPSS
Процентиль: 29%
0.00102
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-338
CWE-338