Skip to main content

Crypt::PBKDF2 EUVDEUVD-2026-36470

| CVE-2026-9641 MEDIUM
Use of Password Hash With Insufficient Computational Effort (CWE-916)
2026-06-12 CPANSec GHSA-v9r4-9w2c-2xcp
5.3
CVSS 3.1 · Vendor: CPANSec
Share

Severity by source

Vendor (CPANSec) PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
vuln.today AI
5.3 MEDIUM

Offline hash cracking requires no target-system privileges or user interaction; C:L reflects partial credential exposure with no integrity or availability impact.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from Vendor (CPANSec).

CVSS VectorVendor: CPANSec

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

4
Analysis Generated
Jun 12, 2026 - 18:23 vuln.today
CVSS changed
Jun 12, 2026 - 18:22 NVD
5.3 (MEDIUM)
Patch available
Jun 12, 2026 - 17:01 EUVD
CVE Published
Jun 12, 2026 - 14:57 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations.

The default algorithm is HMAC-SHA1, which should only be used for legacy systems.

These versions default to using 1000 iterations.

Depending on the chosen algorithm, 220,000 to 1,400,000 iterations should be used.

AnalysisAI

Crypt::PBKDF2 for Perl prior to version 0.261630 ships with critically weak password-hashing defaults - HMAC-SHA1 as the pseudorandom function and only 1,000 iterations - leaving derived keys and stored passwords highly vulnerable to offline brute-force attacks. Applications that do not explicitly override these defaults expose any compromised credential store to cracking at rates orders of magnitude faster than OWASP-recommended configurations (220,000-1,400,000 iterations depending on algorithm). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Compromise database or backup to extract hashes
Delivery
Identify PBKDF2-HMAC-SHA1 hash format with 1,000 iterations
Exploit
Load hashes into GPU cracking tool
Execution
Brute-force at high iteration-reduced rate
Persist
Recover plaintext passwords
Impact
Credential reuse or direct account takeover

Vulnerability AssessmentAI

Exploitation Exploitation requires two prerequisites: first, the application must use Crypt::PBKDF2 without explicitly overriding the default algorithm (HMAC-SHA1) and default iteration count (1,000 iterations) - any application that explicitly sets a modern algorithm and high iteration count is not affected by this default-configuration weakness. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) reflects partial confidentiality impact with no authentication required, which aligns with the offline cracking phase of exploitation - once hashes are obtained, no privileges on the target system are needed to crack them. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who exfiltrates a database from an application built on Crypt::PBKDF2 with default settings obtains HMAC-SHA1 hashes with only 1,000 iterations. Loading these hashes into hashcat with the PBKDF2-HMAC-SHA1 module, the attacker achieves cracking rates several billion candidates per second on a commodity GPU - compared to under a million per second at OWASP-recommended iteration counts - recovering plaintext passwords in minutes for common passwords and hours for moderate-complexity ones. …
Remediation Upgrade Crypt::PBKDF2 to version 0.261630 or later using CPAN or cpanm; the vendor-confirmed fix is documented at https://metacpan.org/release/ARODLAND/Crypt-PBKDF2-0.261630/changes. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Crypt

View all
CVE-2026-30909 CRITICAL
9.8 Mar 08

Perl Crypt::NaCl::Sodium module through 2.002 has potential integer overflows in cryptographic operations that could wea

CVE-2026-2588 CRITICAL
9.1 Feb 23

Integer overflow in Crypt::NaCl::Sodium Perl module through version 2.001 on 32-bit systems. The Sodium.xs binding casts

CVE-2026-9265 CRITICAL
9.1 Jun 20

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path. print_

CVE-2026-2597 HIGH
7.5 Feb 27

Heap buffer overflow in Crypt::SysRandom::XS before version 0.010 allows denial of service through negative length param

CVE-2026-30910 HIGH
7.5 Mar 08

Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows. Combined aead encryption, combined

CVE-2026-5086 HIGH
7.5 Apr 13

Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks. For example, if Crypt::SecretBuff

CVE-2026-6659 HIGH
7.5 May 08

Weak salt generation in Crypt::PasswdMD5 (Perl) through version 1.42 enables password hash cracking via predictable rand

CVE-2026-9638 HIGH
7.5 Jun 12

Predictable salt generation in the Perl Crypt::PBKDF2 module before version 0.261630 weakens the cryptographic strength

CVE-2026-8704 MEDIUM
6.5 May 15

File overwrite and information disclosure in Crypt::DSA through version 1.19 for Perl expose systems where user-controll

CVE-2026-8463 MEDIUM
5.3 May 13

Heap out-of-bounds read in Crypt::Argon2 for Perl (versions 0.017 through 0.030) exposes applications to process crash o

CVE-2026-14570
Jul 05

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, lead

CVE-2024-58040 CRITICAL
9.1 Sep 30

Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() function during encryption. Rated critical severity (

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
openSUSE Tumbleweed Fixed

Share

EUVD-2026-36470 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy