CVE-2026-9638 Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

CVE-2026-9638

Crypt::PBKDF2 for Perl versions before 0.261630 are vulnerable because they generate salts with the built-in rand function, which is predictable and not suitable for cryptography. Affected component: Crypt::PBKDF2 (Perl). Root cause: use of insecure RNG for salts. Impact: cryptographic salts may ...

CVE-2017-20240

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

CVE-2017-20240

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

PT-2026-48920

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...