Skip to main content

Crypt::SaltedHash EUVDEUVD-2026-31196

| CVE-2026-47373 HIGH
Observable Timing Discrepancy (CWE-208)
2026-05-20 9b29abf9-4ab0-4765-b253-1875cd9b441e GHSA-mjc4-qqxc-7h36
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
SUSE
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Source Code Evidence Fetched
May 21, 2026 - 15:22 vuln.today
Analysis Generated
May 21, 2026 - 15:22 vuln.today
CVSS changed
May 21, 2026 - 15:22 NVD
7.5 (HIGH)
CVE Published
May 20, 2026 - 21:16 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks.

These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash.

AnalysisAI

Timing side-channel in the Perl module Crypt::SaltedHash through version 0.09 allows remote attackers to recover stored password hashes by measuring response-time discrepancies during hash validation. The flaw stems from use of Perl's short-circuiting eq operator inside the validate() routine, enabling byte-by-byte hash inference. EPSS is very low (0.02%) and there is no public exploit identified at time of analysis, but the upstream maintainer has shipped a fix in version 0.10 replacing the comparison with a constant-time routine.

Technical ContextAI

Crypt::SaltedHash is a CPAN module that produces and verifies salted password hashes (SHA/SSHA-family digests) for Perl applications, commonly used by LDAP-adjacent tooling and legacy authentication stacks. The root cause is CWE-208 (Observable Timing Discrepancy): the validate() subroutine compared the freshly generated hash to the stored hash with Perl's eq string operator, which returns as soon as the first non-matching byte is encountered, leaking information about how many leading bytes matched. The committed fix (commit c07bfc5) introduces a _secure_compare helper that XORs every byte position regardless of equality and only then returns the OR'd result, making execution time independent of where the strings diverge. CPE strings were not published, but EUVD records the affected range as Crypt::SaltedHash 0 ≤0.09.

RemediationAI

Vendor-released patch: Crypt::SaltedHash 0.10 - upgrade via cpanm Crypt::SaltedHash or your distribution's Perl package manager; the changelog and release notes are at https://metacpan.org/release/RRWO/Crypt-SaltedHash-0.10/changes and the underlying source fix is the constant-time _secure_compare introduced in commit https://github.com/robrwo/perl-Crypt-SaltedHash/commit/c07bfc5c23185b0667233d0f2e1252d81f1f027a. If upgrading immediately is not possible, a compensating control is to wrap or monkey-patch the Crypt::SaltedHash::validate method in calling code to perform the comparison with a constant-time routine such as Crypt::Util::constant_time_eq or a hand-rolled XOR loop (trade-off: fragile, must be re-applied after every module upgrade and audited per call site). At the application boundary, adding randomized response-time padding on authentication endpoints and rate-limiting failed validation attempts per source IP reduces the signal-to-noise ratio of timing measurements, at the cost of slightly higher latency and additional state to track. Further context is available in the oss-security post at http://www.openwall.com/lists/oss-security/2026/05/20/21 and the VulDB entry https://vuldb.com/vuln/364966.

Vendor StatusVendor

SUSE

Severity: High
Product Status
openSUSE Tumbleweed Fixed

Share

EUVD-2026-31196 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy