CVE-2026-6146

EUVD-2026-29199
Amazon::Credentials versions through 1.2.0 for Perl uses rand to generate encryption keys.

Amazon::Credentials stores credentials in an obfuscated form to prevent access to the secrets from a data dump of the object.

Before version 1.3.0, the secrets were encrypted using a 64-bit key that was generated using the built-in rand function, which is predictable and unsuitable for cryptography.
PRNG
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Common Weakness Enumeration
References
https://metacpan.org/release/BIGFOOT/Amazon-Credentials-1.2.0/source/lib/Amazon/Credentials.pm#L1415-1418
https://metacpan.org/release/BIGFOOT/Amazon-Credentials-1.3.0/changes
http://www.openwall.com/lists/oss-security/2026/05/11/15