4 matches found
CVE-2017-20240
Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...
CVE-2026-9638
Crypt::PBKDF2 for Perl versions before 0.261630 are vulnerable because they generate salts with the built-in rand function, which is predictable and not suitable for cryptography. Affected component: Crypt::PBKDF2 (Perl). Root cause: use of insecure RNG for salts. Impact: cryptographic salts may ...
CVE-2017-20240 Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks
Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...
PT-2026-48869
Name of the Vulnerable Software and Affected Versions Crypt::PBKDF2 versions prior to 0.261630 Description Certain versions are susceptible to timing attacks because they utilize Perl's built-in eq comparison. This allows discrepancies in timing to be used to guess the underlying derived-key...