Predictable Secret Generation in Trog::TOTP from Teodesian
CVE-2026-46474
Currently unrated
What is CVE-2026-46474?
Trog::TOTP versions prior to 1.006 use Perl's built-in rand function to generate cryptographic secrets. rand is not a cryptographically secure random number generator and its output is predictable, so attackers could potentially exploit this weakness to retrieve sensitive information. Update to version 1.006 or later to ensure the integrity of the secret generation process.
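The weakness described above, as an added Perl illustration (not code from Trog::TOTP; the function names, the 32-character length and the seed value are assumptions made for the example): a secret built from rand repeats exactly whenever the seed repeats, while one drawn from the kernel CSPRNG does not depend on any recoverable seed.

```perl
#!/usr/bin/env perl
# Added illustration; not code from Trog::TOTP.
use strict;
use warnings;

my @B32 = ('A' .. 'Z', '2' .. '7');   # RFC 4648 base32 alphabet

# Weak pattern: every character comes from Perl's built-in rand(),
# a non-cryptographic PRNG whose whole output follows from its seed.
sub weak_secret {
    my ($len) = @_;
    return join '', map { $B32[ int rand @B32 ] } 1 .. $len;
}

# Hardened pattern: take the bytes from the kernel CSPRNG instead.
# Assumes a Unix-like system that provides /dev/urandom.
sub strong_secret {
    my ($len) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "open /dev/urandom: $!";
    my $got = read $fh, my $buf, $len;
    close $fh;
    die "short read from /dev/urandom" unless defined $got && $got == $len;
    # 256 is a multiple of 32, so masking to 5 bits introduces no bias.
    return join '', map { $B32[ $_ & 31 ] } unpack 'C*', $buf;
}

# Constructed seed: the same seed reproduces the same "secret".
srand(12345);
my $first = weak_secret(32);
srand(12345);
my $second = weak_secret(32);
print "rand, seed 12345 : $first\n";
print "rand, same seed  : $second\n";
print "identical        : ", ($first eq $second ? "yes" : "no"), "\n";

# Two draws from the CSPRNG for comparison.
print "urandom sample 1 : ", strong_secret(32), "\n";
print "urandom sample 2 : ", strong_secret(32), "\n";
```

To find the same pattern in other code, search secret, token and key generation paths for calls to rand or srand.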
Affected Version(s)
Trog::TOTP 0 < 1.006
