CVE-2025-40919: Authen::DigestMD5 versions 0.01 through 0.04 for Perl generate the cnonce insecurely
Robert Rothenberg 16 Jul 2025 14:07 UTC
========================================================================
CVE-2025-40919 CPAN Security Group
========================================================================
CVE ID: CVE-2025-40919
Distribution: Authen-DigestMD5
Versions: from 0.01 through 0.04
MetaCPAN: https://metacpan.org/dist/Authen-DigestMD5
Authen::DigestMD5 versions 0.01 through 0.04 for Perl generate the
cnonce insecurely
Description
-----------
Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the
cnonce insecurely.
The cnonce (client nonce) is generated from an MD5 hash of the PID, the
epoch time and the built-in rand function. The PID will come from a
small set of numbers, and the epoch time may be guessed, if it is not
leaked from the HTTP Date header. The built-in rand function is
unsuitable for cryptographic usage.
According to RFC 2831, "The cnonce-value is an opaque quoted string
value provided by the client and used by both client and server to
avoid chosen plaintext attacks, and to provide mutual authentication.
The security of the implementation depends on a good choice. It is
RECOMMENDED that it contain at least 64 bits of entropy."
Problem types
-------------
- CWE-340 Generation of Predictable Numbers or Identifiers
- CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator
References
----------
https://metacpan.org/release/SALVA/Authen-DigestMD5-0.01/source/DigestMD5.pm#L126
https://datatracker.ietf.org/doc/html/rfc2831
