Uses String::Random with rand rng
Looking at the code of the master branch, several modules use a weak random-number generator:
- lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Ext2F.pm
- lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Mail2F.pm
- lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SMTP.pm
By default String::Random uses Perl's rand rng, which is not suitable for use in crypto-related code. Given that the rand_gen method doesn't seem to be used anywhere in the codebase, I assume that LL::NG uses rand in those cases.
I have not tried to exploit this weakness.
use's String::Random, but none of its methods seem to be used.
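
One way to address this, as an added example that is not LemonLDAP::NG code: pass String::Random a `rand_gen` coderef that draws from the operating system CSPRNG instead of `rand`. It assumes the Crypt::URandom module is installed and that the installed String::Random accepts the `rand_gen` constructor option; `secure_rand_int` and the `\d{6}` pattern are constructed for illustration.

```perl
use strict;
use warnings;
use String::Random;
use Crypt::URandom qw(urandom);

# Largest value a 32-bit draw can take.
use constant RANGE => 0xFFFFFFFF;

# Hypothetical helper: return an integer in [0, $max) from the OS CSPRNG.
# String::Random calls its rand_gen coderef with one argument ($max) and
# expects an integer between 0 and $max - 1.
sub secure_rand_int {
    my ($max) = @_;
    die "max must be between 1 and " . RANGE . "\n"
      if $max < 1 || $max > RANGE;

    # $limit is a multiple of $max, so accepting only draws below it makes
    # every residue equally likely (rejection sampling, no modulo bias).
    my $limit = RANGE - ( RANGE % $max );
    while (1) {
        my $n = unpack 'N', urandom(4);    # 4 CSPRNG bytes as a 32-bit integer
        return $n % $max if $n < $limit;
    }
}

# Same String::Random interface, but every random choice now comes from
# secure_rand_int instead of Perl's rand.
my $generator = String::Random->new( rand_gen => \&secure_rand_int );

# Constructed sample pattern: a six-digit one-time code.
my $code = $generator->randregex('\d{6}');
print "$code\n";
```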