CVE-2017-20240

CVE-2017-20240: Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks

Vendor Arodland
Product Crypt::PBKDF2
Weakness CWE-208
Published June 12, 2026
Last update June 12, 2026


What the vulnerability does

01 Description

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived key.
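The comparison issue described above, shown as an added example that is not Crypt::PBKDF2's own code or its fix: eq may stop at the first differing byte, while the hypothetical constant_time_eq helper below examines every byte regardless of where a mismatch occurs. The key values are constructed samples.

```perl
use strict;
use warnings;

# Hypothetical helper (an assumption for illustration, not the module's API):
# compare two byte strings in time that depends only on their length.
sub constant_time_eq {
    my ($expected, $candidate) = @_;
    return 0 unless defined $expected && defined $candidate;
    # The length of a fixed-size derived key is not secret, so an early
    # return on a length mismatch does not leak key bytes.
    return 0 if length($expected) != length($candidate);
    my $diff = 0;
    # XOR each byte pair and OR the results together; there is no early exit,
    # so the loop runs the same number of iterations for any mismatch position.
    $diff |= ord(substr($expected, $_, 1)) ^ ord(substr($candidate, $_, 1))
        for 0 .. length($expected) - 1;
    return $diff == 0 ? 1 : 0;
}

# Weak form: the pattern the description refers to. The running time of eq
# can vary with the length of the matching prefix.
sub weak_eq {
    my ($expected, $candidate) = @_;
    return $expected eq $candidate ? 1 : 0;
}

# Constructed 20-byte sample values standing in for derived keys.
my $stored     = pack("H*", "00112233445566778899aabbccddeeff00112233");
my $match      = pack("H*", "00112233445566778899aabbccddeeff00112233");
my $late_diff  = pack("H*", "00112233445566778899aabbccddeeff00112234");
my $early_diff = pack("H*", "ff112233445566778899aabbccddeeff00112233");

for my $case (["match", $match], ["late mismatch", $late_diff],
              ["early mismatch", $early_diff]) {
    my ($label, $candidate) = @$case;
    printf "%-15s weak_eq=%d constant_time_eq=%d\n",
        $label, weak_eq($stored, $candidate),
        constant_time_eq($stored, $candidate);
}
```

Both functions return the same verdicts; the difference is that constant_time_eq does the same amount of work for the early and late mismatch cases.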

Key dates

02 Disclosure timeline

June 12, 2026 CVE published
June 12, 2026 Record updated