CPANSA-Authen-SASL-2025-40918: Authen-SASL vulnerability
| Publisher | giterlizzi | Document category | csaf_security_advisory |
|---|---|---|---|
| Initial release date | 2025-07-16T00:00:00 | Engine | CSAF Perl Toolkit 0.26 |
| Current release date | 2025-07-16T00:00:00 | Build Date | |
| Current version | 1 | Status | final |
| CVSS v3.1 Base Score | 6.5 | Severity | |
| Original language | Language | en | |
| Also referred to | |||
Vulnerability Description
Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. According to RFC 2831, The cnonce-value is an opaque quoted string value provided by the client and used by both client and server to avoid chosen plaintext attacks, and to provide mutual authentication. The security of the implementation depends on a good choice. It is RECOMMENDED that it contain at least 64 bits of entropy.
Vulnerabilities
CVE-2025-40918
Vulnerability DescriptionAuthen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely.
The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.
According to RFC 2831, The cnonce-value is an opaque quoted string value provided by the client and used by both client and server to avoid chosen plaintext attacks, and to provide mutual authentication. The security of the implementation
depends on a good choice. It is RECOMMENDED that it contain at least 64 bits of entropy.
| Weakness | CWE-338 : Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) |
|---|
Product status
Known affected
| Product | Score | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Authen-SASL greater than or equal 2.04 and less than or equal 2.1900 |
|
Fixed
- Authen-SASL greater than or equal 2.1900
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-Authen-SASL-2025-40918 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2025/cpansa-authen-sasl-2025-40918.json - https://datatracker.ietf.org/doc/html/rfc2831 external
https://datatracker.ietf.org/doc/html/rfc2831 - https://github.com/gbarr/perl-authen-sasl/pull/22 external
https://github.com/gbarr/perl-authen-sasl/pull/22 - https://metacpan.org/dist/Authen-SASL/source/lib/Authen/SASL/Perl/DIGEST_MD5.pm#L263 external
https://metacpan.org/dist/Authen-SASL/source/lib/Authen/SASL/Perl/DIGEST_MD5.pm#L263 - https://security.metacpan.org/patches/A/Authen-SASL/2.1800/CVE-2025-40918-r1.patch external
https://security.metacpan.org/patches/A/Authen-SASL/2.1800/CVE-2025-40918-r1.patch - CVE-2025-40918 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2025-40918
Revision history
| Version | Date of the revision | Summary of the revision |
|---|---|---|
| 1 | Wed Jul 16 00:00:00 2025 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/