CVE-2026-46473

Published May 21st, 2026

View on NVD ↗

CVSS v3

7.5

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.

tchatzi/Authen-TOTP

Perl Interface to RFC6238 two factor authentication (2FA)

GitHub