Fluid Attacks Database

Description

Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function is predictable, and unsuitable for cryptography.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
debian 14	libcrypt-passwdmd5-perl	=1.42-2
debian 11	libcrypt-passwdmd5-perl	=1.41-1 \|\| =1.42-1 \|\| =1.42-2
debian 12	libcrypt-passwdmd5-perl	=1.42-2
debian 13	libcrypt-passwdmd5-perl	=1.42-2
rpm rhel7	perl	-
rpm rhel6	perl	-
rpm rhel10	perl	-
rpm rhel8	perl	-
rpm rhel9	perl	-

Aliases

1. CVE-2026-66592. NVD-2026-66593. OSV-DEBIAN-2026-66594. OSV-2026-66595. SECURITY-TRACKER-CVE-2026-6659

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.