Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Crypt::PBKDF2

Source -

CNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2026-9641
Assigner-CPAN Security Group
ShareView Details
Assigner-CPAN Security Group
CVSS Score-5.3||MEDIUM
EPSS-Not Assigned
Published-12 Jun, 2026 | 14:57
Updated-12 Jun, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000 iterations should be used.

Action-Not Available
Vendor-ARODLAND
Product-Crypt::PBKDF2
CWE ID-CWE-916
Use of Password Hash With Insufficient Computational Effort
CVE-2026-9638
Assigner-CPAN Security Group
ShareView Details
Assigner-CPAN Security Group
CVSS Score-7.5||HIGH
EPSS-Not Assigned
Published-12 Jun, 2026 | 14:41
Updated-12 Jun, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography.

Action-Not Available
Vendor-ARODLAND
Product-Crypt::PBKDF2
CWE ID-CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVE-2017-20240
Assigner-CPAN Security Group
ShareView Details
Assigner-CPAN Security Group
CVSS Score-5.9||MEDIUM
EPSS-Not Assigned
Published-12 Jun, 2026 | 13:19
Updated-12 Jun, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key.

Action-Not Available
Vendor-ARODLAND
Product-Crypt::PBKDF2
CWE ID-CWE-208
Observable Timing Discrepancy