Amazon::Credentials versions through 1.2.0 for Perl uses rand to generate encryption keys. ...

Description

Amazon::Credentials versions through 1.2.0 for Perl uses rand to generate encryption keys.

Amazon::Credentials stores credentials in an obfuscated form to prevent access to the secrets from a data dump of the object.

Before version 1.3.0, the secrets were encrypted using a 64-bit key that was generated using the built-in rand function, which is predictable and unsuitable for cryptography.

Basic information

Type
unreviewed
Severity
unknown
Advisory on GitHub
Open advisory ↗
Repository advisory
Source code
Not specified
Published (advisory)
2026-05-11 21:31:36 UTC
Updated
2026-05-12 00:32:20 UTC
NVD published
2026-05-11

EPSS Score

Score Percentile
0.01% 2.00%

CVSS Scores

No CVSS scores in this advisory.

Identifiers

CWEs

CWE id Name
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

References

cvelogic Threat Intelligence