Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| TCHATZI | Authen::TOTP | unaffected |
|
No data.
No data.
No data.
Project Subscriptions
No data.
No advisories yet.
Solution
Upgrade to version 0.1.1 or later.
Workaround
No workaround given by the vendor.
Thu, 21 May 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Thu, 21 May 2026 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage. | |
| Title | Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand | |
| Weaknesses | CWE-331 | |
| References |
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: CPANSec
Published:
Updated: 2026-05-21T19:18:00.347Z
Reserved: 2026-05-14T17:55:07.623Z
Link: CVE-2026-46473
Vulnrichment
Updated: 2026-05-21T19:16:51.459Z
NVD
Status : Received
Published: 2026-05-21T19:16:53.510
Modified: 2026-05-21T20:16:14.203
Link: CVE-2026-46473
Redhat
No data.
OpenCVE Enrichment
No data.