Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks.
These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash.
AnalysisAI
Timing side-channel in the Perl module Crypt::SaltedHash through version 0.09 allows remote attackers to recover stored password hashes by measuring response-time discrepancies during hash validation. The flaw stems from use of Perl's short-circuiting eq operator inside the validate() routine, enabling byte-by-byte hash inference. EPSS is very low (0.02%) and there is no public exploit identified at time of analysis, but the upstream maintainer has shipped a fix in version 0.10 replacing the comparison with a constant-time routine.
Technical ContextAI
Crypt::SaltedHash is a CPAN module that produces and verifies salted password hashes (SHA/SSHA-family digests) for Perl applications, commonly used by LDAP-adjacent tooling and legacy authentication stacks. The root cause is CWE-208 (Observable Timing Discrepancy): the validate() subroutine compared the freshly generated hash to the stored hash with Perl's eq string operator, which returns as soon as the first non-matching byte is encountered, leaking information about how many leading bytes matched. The committed fix (commit c07bfc5) introduces a _secure_compare helper that XORs every byte position regardless of equality and only then returns the OR'd result, making execution time independent of where the strings diverge. CPE strings were not published, but EUVD records the affected range as Crypt::SaltedHash 0 ≤0.09.
RemediationAI
Vendor-released patch: Crypt::SaltedHash 0.10 - upgrade via cpanm Crypt::SaltedHash or your distribution's Perl package manager; the changelog and release notes are at https://metacpan.org/release/RRWO/Crypt-SaltedHash-0.10/changes and the underlying source fix is the constant-time _secure_compare introduced in commit https://github.com/robrwo/perl-Crypt-SaltedHash/commit/c07bfc5c23185b0667233d0f2e1252d81f1f027a. If upgrading immediately is not possible, a compensating control is to wrap or monkey-patch the Crypt::SaltedHash::validate method in calling code to perform the comparison with a constant-time routine such as Crypt::Util::constant_time_eq or a hand-rolled XOR loop (trade-off: fragile, must be re-applied after every module upgrade and audited per call site). At the application boundary, adding randomized response-time padding on authentication endpoints and rate-limiting failed validation attempts per source IP reduces the signal-to-noise ratio of timing measurements, at the cost of slightly higher latency and additional state to track. Further context is available in the oss-security post at http://www.openwall.com/lists/oss-security/2026/05/20/21 and the VulDB entry https://vuldb.com/vuln/364966.
Same weakness CWE-208 – Observable Timing Discrepancy
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31196
GHSA-mjc4-qqxc-7h36