Описание
Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library.
- Data::UUID does not use a strong cryptographic source for generating UUIDs.
- Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562.
- The nonces should be generated from a strong cryptographic source, as per RFC 7616.
Ссылки
EPSS
8.6 High
CVSS3
Дефекты
Связанные уязвимости
Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. * Data::UUID does not use a strong cryptographic source for generating UUIDs. * Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562. * The nonces should be generated from a strong cryptographic source, as per RFC 7616.
Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier ...
Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. * Data::UUID does not use a strong cryptographic source for generating UUIDs. * Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562. * The nonces should be generated from a strong cryptographic source, as per RFC 7616.
EPSS
8.6 High
CVSS3