Crypt::SecretBuffer Timing Attack Vulnerability

Vulnerability

A timing attack vulnerability exists in Crypt::SecretBuffer for Perl in versions prior to 0.019. When the module is used to store and compare plaintext passwords, an attacker can exploit timing discrepancies, potentially allowing secret passwords to be guessed.

Impact

Exploitation of this vulnerability could allow an attacker to perform a timing attack, gaining information that could be used to guess passwords stored using Crypt::SecretBuffer.

Remediation

Users can upgrade to Crypt::SecretBuffer version 0.019 or later, where this vulnerability has been addressed. Instructions for downloading the latest version are available on MetaCPAN.
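
The advisory does not describe the module's internals. As a general illustration of this class of bug (an added example, not code from Crypt::SecretBuffer or its author), the Perl below contrasts an early-exit comparison with one whose work does not depend on the guess. The function names and sample strings are hypothetical, and a count of bytes examined stands in for elapsed time.

```perl
use strict;
use warnings;

# Early-exit comparison: returns at the first differing byte, so the work done
# grows with the number of correct leading bytes in the guess.
# Returns (match, bytes_examined); the counter stands in for elapsed time.
sub leaky_equal {
    my ($secret, $guess) = @_;
    my $examined = 0;
    return (0, $examined) if length($secret) != length($guess);
    for my $i (0 .. length($secret) - 1) {
        $examined++;
        return (0, $examined)
            if substr($secret, $i, 1) ne substr($guess, $i, 1);
    }
    return (1, $examined);
}

# Constant-time style comparison: always walks the whole secret and folds every
# difference into $diff, so the work done is independent of where the inputs
# differ. Pure Perl gives no hard timing guarantee; this shows the pattern only.
sub constant_time_equal {
    my ($secret, $guess) = @_;
    my $glen     = length($guess);
    my $diff     = length($secret) ^ $glen;   # length mismatch is a difference
    my $examined = 0;
    for my $i (0 .. length($secret) - 1) {
        $examined++;
        my $g = $glen ? ord(substr($guess, $i % $glen, 1)) : 0;
        $diff |= ord(substr($secret, $i, 1)) ^ $g;
    }
    return ($diff == 0 ? 1 : 0, $examined);
}

# Constructed sample values, not taken from the advisory.
my $secret = 'correct-horse';
for my $guess ('Xorrect-horse', 'correcX-horse', 'correct-horsX', $secret) {
    my ($m1, $n1) = leaky_equal($secret, $guess);
    my ($m2, $n2) = constant_time_equal($secret, $guess);
    printf "%-14s early-exit: match=%d examined=%2d | constant: match=%d examined=%2d\n",
        $guess, $m1, $n1, $m2, $n2;
}
```

The early-exit column changes with the position of the first wrong byte, while the constant column stays the same for every guess.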

Added: Apr 13, 2026, 11:18 PM
Updated: Apr 13, 2026, 11:18 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.1
remediation: 0.0
relevance: 5.5
threat: 3.2
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.