Back to CVE List

CVE-2026-13082

Vulnerability Description

GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets.

The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a (by default) six-character string.

The built-in rand function is unsuitable for security applications because it is predictable and reversible.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-338
Source
NVD
Vendor
BURAK
Product
GD::SecurityImage

External References

Discussion (0)

Add Comment

No comments yet. Be the first!