CVE-2026-8647

Vulnerability

Crypt::ScryptKDF versions 0.001 through 0.010 for Perl use an insecure random number source when no CSPRNG module is available. The random_bytes function falls back to the built-in Perl rand() function when none of Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random, or Bytes::Random::Secure are present. This affects random salt generation used in scrypt_hash and related operations [1][2].

Exploitation

An attacker does not need direct access to the system; exploitation occurs when a target environment lacks any of the listed CSPRNG modules and the vulnerable library versions are used. No authentication or user interaction is required beyond the application using the library for password hashing or key derivation. The random_bytes call will silently use rand() which is cryptographically weak [2].

Impact

Successful exploitation allows an attacker to predict or brute-force salt values generated by the library, weakening the scrypt output and potentially enabling password hash cracking or other cryptographic defeats. The impact is loss of confidentiality of derived keys or authentication secrets [1][2].

Mitigation

Upgrade to Crypt::ScryptKDF version 0.011 (released 2026-05-16) which fixes CVE-2026-8647. The fix ensures that if no CSPRNG module is available, the module croaks with an explicit error instead of falling back to rand(). No workaround is available for older versions; ensure one of the listed secure random modules is installed or update to 0.011 [1].