Amazon::Credentials versions through 1.2.0 for Perl uses rand to generate encryption keys.
Amazon::Credentials stores credentials in an obfuscated form to prevent access to the secrets from a data dump of the object.
Before version 1.3.0, the secrets were encrypted using a 64-bit key that was generated using the built-in rand function, which is predictable and unsuitable for cryptography.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/6xxx/CVE-2026-6146.json",
"cna_assigner": "CPANSec",
"cwe_ids": [
"CWE-338"
]
}