CVE-2024-57835

CVE-2024-57835: Amon2::Auth::Site::LINE versions through 0.04 for Perl uses insecure rand() function for cryptographic functions

Vendor Taniguchi
Product Amon2::Auth::Site::LINE
Weakness CWE-338
Published April 5, 2025
Last update April 7, 2025

CVSS base score

What the vulnerability does

01Description

Amon2::Auth::Site::LINE uses the String::Random module to generate nonce values.  String::Random defaults to Perl's built-in predictable random number generator, the rand() function, which is not cryptographically secure

Key dates

02Disclosure timeline

April 5, 2025 CVE published
April 7, 2025 Record updated