NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-6146

Summary	Amazon::Credentials versions through 1.2.0 for Perl uses rand to generate encryption keys. Amazon::Credentials stores credentials in an obfuscated form to prevent access to the secrets from a data dump of the object. Before version 1.3.0, the secrets were encrypted using a 64-bit key that was generated using the built-in rand function, which is predictable and unsuitable for cryptography.
Publication Date	May 12, 2026, 5:25 a.m.
Registration Date	May 13, 2026, 4:10 a.m.
Last Update	May 13, 2026, 1:48 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://metacpan.org/release/BIGFOOT/Amazon-Credentials-1.2.0/source/lib/Amazon/Credentials.pm#L1415-1418	9b29abf9-4ab0-4765-b253-1875cd9b441e
2	https://metacpan.org/release/BIGFOOT/Amazon-Credentials-1.3.0/changes	9b29abf9-4ab0-4765-b253-1875cd9b441e
3	http://www.openwall.com/lists/oss-security/2026/05/11/15	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-338	暗号における脆弱な PRNG の使用	https://cwe.mitre.org/data/definitions/338.html