CVE-2026-46473

HIGH NVD

CVSS Score 7.5

Severity HIGH

Published May 21, 2026

Vendor unknown

Description

Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.

References

https://github.com/tchatzi/Authen-TOTP/commit/d04f30cc6538d77fc6b6d550da450cf3017b8561.patch
https://metacpan.org/release/TCHATZI/Authen-TOTP-0.1.1/changes