CVE-2025-40918

216.73.217.98

· Published 16/07/2025 14:15 · Modified 16/07/2025 21:15

Labels: CVE-2025-40918 2025-07-16 9b29abf9-4ab0-4765-b253-1875cd9b441e CVE-2025-40918 CWE-338

Essential information

Published: 16/07/2025 14:15
Modified: 16/07/2025 21:15
Author: —
Creator: —
CVSS: 6.5 MEDIUM (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS metrics

Description

Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. According to RFC 2831, The cnonce-value is an opaque quoted string value provided by the client and used by both client and server to avoid chosen plaintext attacks, and to provide mutual authentication. The security of the implementation depends on a good choice. It is RECOMMENDED that it contain at least 64 bits of entropy.

NVD status

Status: Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
NVD: View on NVD

Affected products (CPE)

Product	CPE
authen / sasl perl digest md5	`cpe:2.3:a:authen:sasl_perl_digest_md5:2.04-2.1800:::::::*`