CVE-2026-13082
Vulnerability Description
GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets.
The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a (by default) six-character string.
The built-in rand function is unsuitable for security applications because it is predictable and reversible.
The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a (by default) six-character string.
The built-in rand function is unsuitable for security applications because it is predictable and reversible.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-338
Source
NVD
Vendor
BURAK
Product
GD::SecurityImage
Discussion (0)
Add Comment
No comments yet. Be the first!