CVE-2025-15618 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key. Business::OnlinePayment::StoredTransaction generates a s…
Critical CVSS: 9.1

CVE-2025-15618

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key.

Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use.

This key is intended for encrypting credit card transaction data.
Vendor
-
Product
-
CWE
CWE-338
Yayın Tarihi
2026-03-31 11:16:11
Güncelleme
2026-04-01 14:24:02
Source Identifier
9b29abf9-4ab0-4765-b253-1875cd9b441e
KEV Date Added
-

Kategoriler

CWE-338 CRITICAL 2026

Referanslar

https://metacpan.org/dist/Business-OnlinePayment-StoredTransaction/source/lib/Business/OnlinePayment/StoredTransaction.pm#L64-75 https://security.metacpan.org/patches/B/Business-OnlinePayment-StoredTransaction/0.01/CVE-2025-15618-r1.patch http://www.openwall.com/lists/oss-security/2026/03/31/7