arodland/Crypt-PBKDF2

Releases15

Frequency1 year 1 month

Last Release 14 days ago

Stars6

The PBKDF2 password hash algorithm for Perl

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2017-20240 ↗	Jun 12, 2026Friday, 12 June 2026, 14:16	5.9 MEDIUM	—
Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key.