CVE-2025-40918

EUVD-2025-21696
Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely.

The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.

According to RFC 2831: "The cnonce-value is an opaque quoted string value provided by the client and used by both client and server to avoid chosen plaintext attacks, and to provide mutual authentication. The security of the implementation depends on a good choice. It is RECOMMENDED that it contain at least 64 bits of entropy."
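The two constructions side by side, as an added illustration that is not code from Authen::SASL or its fix: weak_cnonce reconstructs the generator the advisory describes (the exact join format is an assumption; only the inputs PID, epoch time and rand are stated on the page), and strong_cnonce shows the kind of replacement a maintainer would reach for, drawing the value from the operating system CSPRNG via Crypt::URandom (the CPAN module the openSUSE entries below ship as perl-Crypt-URandom) and returning well above the 64 bits RFC 2831 recommends.

```perl
#!/usr/bin/perl
# Added illustration, not code from Authen::SASL. Contrasts a cnonce built the
# way the advisory describes with one drawn from the operating system's CSPRNG.
use strict;
use warnings;
use Digest::MD5    qw(md5_hex);
use MIME::Base64   qw(encode_base64);
use Crypt::URandom qw(urandom);   # CPAN module; packaged by SUSE as perl-Crypt-URandom

# Weak construction, reconstructed from the advisory text. The join format of the
# affected module is an assumption; the point is that every input (PID from a small
# range, epoch seconds that are guessable or leaked by a Date header, and perl's
# non-cryptographic rand) is low-entropy, and running them through MD5 cannot add
# entropy the inputs lack. MD5 here is a mixing function, not a randomness source.
sub weak_cnonce {
    return md5_hex(join ':', $$, time(), rand());
}

# Hardened construction: 16 bytes (128 bits) from the kernel CSPRNG, twice the
# 64 bits RFC 2831 recommends, base64-encoded so the result is a valid DIGEST-MD5
# quoted-string (base64 output never contains '"' or '\'). urandom() dies rather
# than silently falling back if no secure source is available.
sub strong_cnonce {
    return encode_base64(urandom(16), '');   # '' = no trailing newline
}

print "weak   cnonce: ", weak_cnonce(),   "\n";
print "strong cnonce: ", strong_cnonce(), "\n";
```

Note that the two outputs are indistinguishable by inspection: a 32-character hex digest and a 24-character base64 string both look random. The entropy of a nonce is a property of the generator, not of the emitted string, which is why this class of bug is found by reading code (or by a dependency scanner matching the affected version range) and is fixed at the generator, never by post-processing the value.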
PRNG
Provider: NIST
Type: Primary
Base Score: 6.5 MEDIUM
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Analysis status: awaiting analysis (this vulnerability is currently awaiting analysis).
Base Score: CVSS 3.x
EPSS Score: Percentile 61%
Debian Releases
Product: libauthen-sasl-perl
Codename    Version     Status
bookworm    -           no-dsa
bullseye    -           postponed
forky       2.2000-1    fixed
sid         2.2000-1    fixed
trixie      -           no-dsa
Ubuntu Releases
Product: libauthen-sasl-perl
Codename    Status
bionic      needs-triage
focal       needs-triage
jammy       needs-triage
noble       needs-triage
plucky      ignored
questing    needs-triage
resolute    needs-triage
trusty      needs-triage
xenial      needs-triage
openSUSE / SLES Releases
Product: perl-Authen-SASL
Release                          Version               Status
suse enterprise desktop 15 SP6   2.16-150000.1.6.1     fixed
suse enterprise desktop 15 SP7   2.16-150000.1.6.1     fixed
suse enterprise sap 15 SP3       2.16-150000.1.6.1     fixed
suse enterprise sap 15 SP4       2.16-150000.1.6.1     fixed
suse enterprise sap 15 SP5       2.16-150000.1.6.1     fixed
suse enterprise sap 15 SP6       2.16-150000.1.6.1     fixed
suse enterprise sap 15 SP7       2.16-150000.1.6.1     fixed
suse enterprise server 12 SP3    2.16-5.3.1            fixed
suse enterprise server 12 SP5    2.16-5.3.1            fixed
suse enterprise server 15 SP2    2.16-150000.1.6.1     fixed
suse enterprise server 15 SP3    2.16-150000.1.6.1     fixed
suse enterprise server 15 SP4    2.16-150000.1.6.1     fixed
suse enterprise server 15 SP5    2.16-150000.1.6.1     fixed
suse enterprise server 15 SP6    2.16-150000.1.6.1     fixed
suse enterprise server 15 SP7    2.16-150000.1.6.1     fixed

Product: perl-Crypt-URandom
Release                          Version               Status
suse enterprise desktop 15 SP6   0.540.0-150000.1.3.1  fixed
suse enterprise desktop 15 SP7   0.540.0-150000.1.3.1  fixed
suse enterprise sap 15 SP3       0.540.0-150000.1.3.1  fixed
suse enterprise sap 15 SP4       0.540.0-150000.1.3.1  fixed
suse enterprise sap 15 SP5       0.540.0-150000.1.3.1  fixed
suse enterprise sap 15 SP6       0.540.0-150000.1.3.1  fixed
suse enterprise sap 15 SP7       0.540.0-150000.1.3.1  fixed
suse enterprise server 12 SP3    0.540.0-1.3.1         fixed
suse enterprise server 12 SP5    0.540.0-1.3.1         fixed
suse enterprise server 15 SP2    0.540.0-150000.1.3.1  fixed
suse enterprise server 15 SP3    0.540.0-150000.1.3.1  fixed
suse enterprise server 15 SP4    0.540.0-150000.1.3.1  fixed
suse enterprise server 15 SP5    0.540.0-150000.1.3.1  fixed
suse enterprise server 15 SP6    0.540.0-150000.1.3.1  fixed
suse enterprise server 15 SP7    0.540.0-150000.1.3.1  fixed