CVE-2026-6146

EUVD-2026-29199
Amazon::Credentials versions through 1.2.0 for Perl uses rand to generate encryption keys.

Amazon::Credentials stores credentials in an obfuscated form to prevent access to the secrets from a data dump of the object.

Before version 1.3.0, the secrets were encrypted using a 64-bit key that was generated using the built-in rand function, which is predictable and unsuitable for cryptography.
PRNG
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
Common Weakness Enumeration
References
https://metacpan.org/release/BIGFOOT/Amazon-Credentials-1.2.0/source/lib/Amazon/Credentials.pm#L1415-1418
https://metacpan.org/release/BIGFOOT/Amazon-Credentials-1.3.0/changes
http://www.openwall.com/lists/oss-security/2026/05/11/15