VYPR

Perl Crypt Saltedhash

by Rrwo

Source repositories

CVEs (2)

  • CVE-2026-47372CriMay 20, 2026
    risk 0.52cvss 9.1epss 0.00

    Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography.

  • CVE-2026-47373HigMay 20, 2026
    risk 0.42cvss 7.5epss 0.00

    Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash.