Weak Random Number Generation in Net::EasyTCP for Perl by MNAGUIB
CVE-2002-20002

5.4MEDIUM

Key Information:

Vendor: MNAGUIB
Vendor: CVE Published:; 2 January 2025

What is CVE-2002-20002?

The Net::EasyTCP package prior to version 0.15 for Perl is vulnerable due to its reliance on Perl's built-in rand() function for generating cryptographic keys. This function is not suitable for cryptographic purposes as it does not provide strong randomness, potentially leading to predictable key generation and exposing systems to various security risks. Users of affected versions are encouraged to update to a secure version to mitigate these vulnerabilities.

References

https://metacpan.org/release/MNAGUIB/EasyTCP-0.26/changes

https://github.com/briandfoy/cpan-security-advisory/issue...

https://metacpan.org/release/MNAGUIB/EasyTCP-0.15/view/Ea...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 2, 2025
Vulnerability Reserved
Jan 2, 2025