The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| adam_kennedy | crypt-dsa | 0.14 |
| adam_kennedy | crypt-dsa | 0.11 |
| adam_kennedy | crypt-dsa | 0.12 |
| adam_kennedy | crypt-dsa | 0.15_01 |
| adam_kennedy | crypt-dsa | 0.02 |
| adam_kennedy | crypt-dsa | 0.10 |
| adam_kennedy | crypt-dsa | 0.13 |
| adam_kennedy | crypt-dsa | 0.03 |
| adam_kennedy | crypt-dsa | * |
| adam_kennedy | crypt-dsa | 1.16 |
| adam_kennedy | crypt-dsa | 0.01 |