CVE-2026-6146
Essential information
- Published
- 11/05/2026 20:25
- Modified
- 12/05/2026 16:48
- Author
- —
- Creator
- —
- CISA KEV
- No
- CWE
- —
- CVSS vector
- — — —
Description
Amazon::Credentials versions through 1.2.0 for Perl uses rand to generate encryption keys.
Amazon::Credentials stores credentials in an obfuscated form to prevent access to the secrets from a data dump of the object.
Before version 1.3.0, the secrets were encrypted using a 64-bit key that was generated using the built-in rand function, which is predictable and unsuitable for cryptography.
NVD status
- Status
- Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- 9b29abf9-4ab0-4765-b253-1875cd9b441e
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| amazon / credentials | cpe:2.3:a:amazon:credentials:*:*:*:*:*:*:*:* |