CVE-2026-47372
Description
Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts.
These versions use the built-in rand function, which is predictable and unsuitable for cryptography.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Crypt::SaltedHash through 0.09 uses Perl's predictable rand() for salt generation, making salted hashes cryptographically weak.
Vulnerability
Crypt::SaltedHash versions 0.09 and earlier for Perl use the built-in rand function to generate salts for hashing. The __generate_hex_salt function in lib/Crypt/SaltedHash.pm derives salt characters via int( rand( ... ) ), which is not cryptographically secure. An attacker who can observe multiple salted hashes can predict future salt values, weakening the security of the hashing scheme. The fix in version 0.10 replaces this with Crypt::SysRandom::random_bytes [1].
Exploitation
An attacker requires access to at least one salted hash output to infer the seeded state of Perl's rand. Since rand is deterministic after the seed is known, a remote attacker without any special privileges can compute the salt values used in subsequent hashing operations, or even predict future salts if they can influence the timing of hash generation. No authentication or user interaction is needed; only the ability to observe the output of the module [1].
Impact
Successful exploitation allows an attacker to recover the salt for a given hashed value, or to precompute rainbow tables for targeted salt values. This undermines the confidentiality of the hashed data and can lead to disclosure of the original plaintext secrets (e.g., passwords). The attacker gains the ability to perform offline brute-force attacks with reduced search space, effectively bypassing the protection that salted hashing is designed to provide [1][2].
Mitigation
Upgrade to Crypt::SaltedHash version 0.10, released on 2026-05-20, which uses a cryptographically secure random source (Crypt::SysRandom) instead of rand. Users on Perl distributions without the new dependency can install Crypt::SysRandom and update the module manually. No workaround is available for versions prior to 0.09; users must apply the patch [1] or update the module [2].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <=0.09
Patches
19b68437d2cd4Use Crypt::SysRandom to generate the salt [CVE-2026-47372]
3 files changed · +6 −10
Changes+1 −0 modified@@ -6,6 +6,7 @@ Revision history for Perl module Crypt::SaltedHash - Updated copyright year. - Minimum Perl version is v5.6.0 - Added missing prerequisite + - Security: Use system randomness source to generate the salt CVE-2026-47372 0.09 2013-07-30 - add Test::Fatal test requires
dist.ini+2 −0 modified@@ -23,8 +23,10 @@ repository.type = git [Prereqs] +Crypt::SysRandom = 0 Digest = 0 MIME::Base64 = 0 +POSIX = 0 [Prereqs / TestRequires] Test::More = 0
lib/Crypt/SaltedHash.pm+3 −10 modified@@ -3,8 +3,10 @@ package Crypt::SaltedHash; use v5.6.0; use strict; +use Crypt::SysRandom (); use Digest (); use MIME::Base64 (); +use POSIX (); our $VERSION = '0.10'; @@ -382,18 +384,9 @@ sub __get_pass_hash { sub __generate_hex_salt { - my @keychars = ( - "0", "1", "2", "3", "4", "5", "6", "7", - "8", "9", "a", "b", "c", "d", "e", "f" - ); my $length = shift || 8; - my $salt = ''; - my $max = scalar @keychars; - for my $i ( 0 .. $length - 1 ) { - my $skip = $i == 0 ? 1 : 0; # don't let the first be 0 - $salt .= $keychars[ $skip + int( rand( $max - $skip ) ) ]; - } + my $salt = substr( unpack( "h*", Crypt::SysRandom::random_bytes( POSIX::ceil( $length / 2 ) ) ), 0, $length ); return "HEX{$salt}"; }
Vulnerability mechanics
Root cause
"The module uses Perl's built-in `rand()` function to generate cryptographic salt values, which is a predictable PRNG unsuitable for security purposes [CWE-338]."
Attack vector
An attacker who can observe or predict the output of Perl's `rand()` function can determine the salt values generated by Crypt::SaltedHash. Since `rand()` is seeded with a predictable value (typically based on time and process ID), an attacker with knowledge of the approximate seeding time or access to previous salt outputs can reconstruct future salts. This weakens password hashing by making precomputation attacks (e.g., rainbow tables) feasible, as the attacker can generate the same salts and precompute hash chains [CWE-338]. No authentication or special network position is required beyond the ability to obtain a salted hash from the application.
Affected code
The vulnerability exists in the salt-generation logic of Crypt::SaltedHash versions through 0.09 for Perl. The module calls Perl's built-in `rand()` function to produce salt values, which is the only code path responsible for salt creation. The patch [patch_id=918875] modifies this salt-generation routine to use a cryptographically secure random source instead.
What the fix does
The patch [patch_id=918875] replaces calls to Perl's built-in `rand()` with a cryptographically secure random source. The diff shows the module now uses a proper random bytes generator instead of the predictable `rand()` function. This change ensures that salt values have sufficient entropy and cannot be predicted by an attacker, closing the CWE-338 weakness.
Preconditions
- inputThe attacker must be able to obtain at least one salted hash output from the application using Crypt::SaltedHash.
- networkNo special network position required; the attacker can be any remote or local user who can interact with the application.
Generated on May 20, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2News mentions
0No linked articles in our index yet.