Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks
CVE-2017-20240

Currently unrated

Key Information:

Vendor

Arodland

CVE Published:
12 June 2026

What is CVE-2017-20240?

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks.

These versions use Perl's built-in eq operator for comparison. Timing discrepancies could be used to guess the underlying derived key.
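
The comparison pattern described above, next to a constant-time alternative. This is an added example, not code from Crypt::PBKDF2 or from this advisory; the function names leaky_equal and constant_time_equal are hypothetical and the byte strings are constructed sample values.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Pattern the advisory describes: eq may return at the first differing byte,
# so the time taken depends on how many leading bytes of the guess are right.
sub leaky_equal {
    my ($expected, $candidate) = @_;
    return $expected eq $candidate ? 1 : 0;
}

# Constant-time alternative (hypothetical helper, not the module's API):
# every byte pair is XORed and the differences are OR-ed together, so the
# loop runs the same number of steps wherever the first mismatch is.
sub constant_time_equal {
    my ($expected, $candidate) = @_;
    return 0 unless defined $expected && defined $candidate;
    # The length of a derived key is not secret, so this early return is safe.
    return 0 if length($expected) != length($candidate);
    my $diff = 0;
    for my $i (0 .. length($expected) - 1) {
        $diff |= ord(substr($expected, $i, 1)) ^ ord(substr($candidate, $i, 1));
    }
    return $diff == 0 ? 1 : 0;
}

# Constructed sample values: a 20-byte "stored" key and four candidates.
my $stored = pack('H*', '00112233445566778899aabbccddeeff01234567');
my %candidates = (
    'exact match'        => $stored,
    'first byte differs' => pack('H*', 'ff112233445566778899aabbccddeeff01234567'),
    'last byte differs'  => pack('H*', '00112233445566778899aabbccddeeff012345ff'),
    'shorter input'      => substr($stored, 0, 10),
);

# Both functions agree on the result; only the time profile differs.
for my $name (sort keys %candidates) {
    my $c = $candidates{$name};
    printf "%-20s eq=%d constant_time=%d\n",
        $name, leaky_equal($stored, $c), constant_time_equal($stored, $c);
}
```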

Affected Version(s)

Crypt::PBKDF2: from 0, before 0.261630

Timeline

  • Vulnerability published

  • Vulnerability Reserved
