CVE-2017-20240

Published June 12th, 2026

View on NVD ↗

CVSS v3

5.9

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key.

arodland/Crypt-PBKDF2

The PBKDF2 password hash algorithm for Perl

GitHub