CVE-2026-9641

Vulnerability

Crypt::PBKDF2 versions before 0.261630 for Perl (released 2026-06-11) default to HMAC-SHA1 as the hash algorithm and use only 1000 iterations [2]. According to OWASP [1], PBKDF2 should use at least 600,000 iterations and HMAC-SHA256 for FIPS-140 compliance. These weak defaults make the generated password hashes far less resistant to brute-force attacks.

Exploitation

An attacker who obtains the password hashes (e.g., from a database breach) can perform a brute-force attack with significantly lower computational cost than expected. With only 1000 iterations and HMAC-SHA1, the attacker can test candidate passwords much faster than if proper parameters were used. No special network position or user interaction is required beyond access to the hash database.

Impact

Successful exploitation leads to easier recovery of plaintext passwords. This undermines the confidentiality of user accounts, potentially allowing attackers to compromise authenticated services or escalate privileges. The weakness applies to any application using the vulnerable library with default settings.

Mitigation

Users should upgrade to Crypt::PBKDF2 version 0.261630 or later [2], which changes the default to HMAC-SHA256 with 600,000 iterations and also improves salt generation and constant-time validation. Alternatively, applications can explicitly set algorithm and iterations parameters in line with OWASP recommendations [1]. No workaround exists for the old defaults; upgrading is required.