CVE-2026-57082 (GCVE-0-2026-57082)
Vulnerability from cvelistv5 – Published: 2026-06-30 11:05 – Updated: 2026-06-30 14:20
VLAI
Title
Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG
Summary
Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG.
The MSE (Message Stream Encryption) handshake derives its 160-bit Diffie-Hellman private key from Perl's rand(), a non-cryptographic drand48-class generator seeded once per process, in KeyExchange.pm. The shared secret and the RC4 keys derived from it (the SHA-1 of "keyA" or "keyB", the shared secret, and the infohash) therefore depend entirely on a predictable PRNG. The same handshake sends, in cleartext, random padding drawn from the same rand() sequence in _random_pad, immediately after the public key and the private-key draw.
A passive observer of the handshake recovers the PRNG state from the cleartext padding, reconstructs the private key, computes the shared secret from the peer's public key on the wire, derives the RC4 keys, and decrypts the connection, defeating the passive-observation obfuscation MSE provides.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/sanko/Net-BitTorrent.pm/securi… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SANKO | Net::BitTorrent |
Affected:
0 , ≤ 2.0.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-57082",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-30T14:19:46.278267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T14:20:32.388Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Net-BitTorrent",
"product": "Net::BitTorrent",
"programFiles": [
"lib/Net/BitTorrent/Protocol/MSE/KeyExchange.pm",
"lib/Net/BitTorrent/Protocol/MSE.pm",
"lib/Net/BitTorrent/Peer.pm"
],
"programRoutines": [
{
"name": "Net::BitTorrent::Protocol::MSE::_random_pad"
}
],
"repo": "https://github.com/sanko/Net-BitTorrent.pm",
"vendor": "SANKO",
"versions": [
{
"lessThanOrEqual": "2.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG.\n\nThe MSE (Message Stream Encryption) handshake derives its 160-bit Diffie-Hellman private key from Perl\u0027s rand(), a non-cryptographic drand48-class generator seeded once per process, in KeyExchange.pm. The shared secret and the RC4 keys derived from it (the SHA-1 of \"keyA\" or \"keyB\", the shared secret, and the infohash) therefore depend entirely on a predictable PRNG. The same handshake sends, in cleartext, random padding drawn from the same rand() sequence in _random_pad, immediately after the public key and the private-key draw.\n\nA passive observer of the handshake recovers the PRNG state from the cleartext padding, reconstructs the private key, computes the shared secret from the peer\u0027s public key on the wire, derives the RC4 keys, and decrypts the connection, defeating the passive-observation obfuscation MSE provides."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330 Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T11:05:33.709Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/sanko/Net-BitTorrent.pm/security/advisories/GHSA-g444-x2c5-94hc"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG",
"workarounds": [
{
"lang": "en",
"value": "There is no fixed release. Draw the Diffie-Hellman private key and the handshake padding from a cryptographic source such as Crypt::URandom rather than rand()."
}
],
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-57082",
"datePublished": "2026-06-30T11:05:33.709Z",
"dateReserved": "2026-06-23T18:20:33.514Z",
"dateUpdated": "2026-06-30T14:20:32.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-57082\",\"sourceIdentifier\":\"9b29abf9-4ab0-4765-b253-1875cd9b441e\",\"published\":\"2026-06-30T12:16:25.737\",\"lastModified\":\"2026-06-30T15:16:58.430\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG.\\n\\nThe MSE (Message Stream Encryption) handshake derives its 160-bit Diffie-Hellman private key from Perl\u0027s rand(), a non-cryptographic drand48-class generator seeded once per process, in KeyExchange.pm. The shared secret and the RC4 keys derived from it (the SHA-1 of \\\"keyA\\\" or \\\"keyB\\\", the shared secret, and the infohash) therefore depend entirely on a predictable PRNG. The same handshake sends, in cleartext, random padding drawn from the same rand() sequence in _random_pad, immediately after the public key and the private-key draw.\\n\\nA passive observer of the handshake recovers the PRNG state from the cleartext padding, reconstructs the private key, computes the shared secret from the peer\u0027s public key on the wire, derives the RC4 keys, and decrypts the connection, defeating the passive-observation obfuscation MSE provides.\"}],\"affected\":[{\"source\":\"9b29abf9-4ab0-4765-b253-1875cd9b441e\",\"affectedData\":[{\"vendor\":\"SANKO\",\"product\":\"Net::BitTorrent\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://cpan.org/modules\",\"packageName\":\"Net-BitTorrent\",\"programFiles\":[\"lib/Net/BitTorrent/Protocol/MSE/KeyExchange.pm\",\"lib/Net/BitTorrent/Protocol/MSE.pm\",\"lib/Net/BitTorrent/Peer.pm\"],\"programRoutines\":[{\"name\":\"Net::BitTorrent::Protocol::MSE::_random_pad\"}],\"repo\":\"https://github.com/sanko/Net-BitTorrent.pm\",\"versions\":[{\"version\":\"0\",\"lessThanOrEqual\":\"2.0.1\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-06-30T14:19:46.278267Z\",\"id\":\"CVE-2026-57082\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"9b29abf9-4ab0-4765-b253-1875cd9b441e\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-330\"},{\"lang\":\"en\",\"value\":\"CWE-338\"}]}],\"references\":[{\"url\":\"https://github.com/sanko/Net-BitTorrent.pm/security/advisories/GHSA-g444-x2c5-94hc\",\"source\":\"9b29abf9-4ab0-4765-b253-1875cd9b441e\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-57082\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-30T14:19:46.278267Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-30T14:19:42.344Z\"}}], \"cna\": {\"title\": \"Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"affected\": [{\"repo\": \"https://github.com/sanko/Net-BitTorrent.pm\", \"vendor\": \"SANKO\", \"product\": \"Net::BitTorrent\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.0.1\"}], \"packageName\": \"Net-BitTorrent\", \"programFiles\": [\"lib/Net/BitTorrent/Protocol/MSE/KeyExchange.pm\", \"lib/Net/BitTorrent/Protocol/MSE.pm\", \"lib/Net/BitTorrent/Peer.pm\"], \"collectionURL\": \"https://cpan.org/modules\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"Net::BitTorrent::Protocol::MSE::_random_pad\"}]}], \"references\": [{\"url\": \"https://github.com/sanko/Net-BitTorrent.pm/security/advisories/GHSA-g444-x2c5-94hc\", \"tags\": [\"vendor-advisory\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"There is no fixed release. Draw the Diffie-Hellman private key and the handshake padding from a cryptographic source such as Crypt::URandom rather than rand().\"}], \"x_generator\": {\"engine\": \"cpansec-cna-tool 0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG.\\n\\nThe MSE (Message Stream Encryption) handshake derives its 160-bit Diffie-Hellman private key from Perl\u0027s rand(), a non-cryptographic drand48-class generator seeded once per process, in KeyExchange.pm. The shared secret and the RC4 keys derived from it (the SHA-1 of \\\"keyA\\\" or \\\"keyB\\\", the shared secret, and the infohash) therefore depend entirely on a predictable PRNG. The same handshake sends, in cleartext, random padding drawn from the same rand() sequence in _random_pad, immediately after the public key and the private-key draw.\\n\\nA passive observer of the handshake recovers the PRNG state from the cleartext padding, reconstructs the private key, computes the shared secret from the peer\u0027s public key on the wire, derives the RC4 keys, and decrypts the connection, defeating the passive-observation obfuscation MSE provides.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-338\", \"description\": \"CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-330\", \"description\": \"CWE-330 Use of Insufficiently Random Values\"}]}], \"providerMetadata\": {\"orgId\": \"9b29abf9-4ab0-4765-b253-1875cd9b441e\", \"shortName\": \"CPANSec\", \"dateUpdated\": \"2026-06-30T11:05:33.709Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-57082\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-30T14:20:32.388Z\", \"dateReserved\": \"2026-06-23T18:20:33.514Z\", \"assignerOrgId\": \"9b29abf9-4ab0-4765-b253-1875cd9b441e\", \"datePublished\": \"2026-06-30T11:05:33.709Z\", \"assignerShortName\": \"CPANSec\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…