Catalyst::Plugin::Authentication Timing Attack Vulnerability

Vulnerability

A timing attack vulnerability has been identified in Catalyst::Plugin::Authentication for Perl, in versions prior to 0.10024. These versions rely on Perl's built-in equality comparison, whose running time can vary with the values being compared. An attacker who measures response times can use that variation to infer information about the underlying hash or password.

Impact

An attacker who exploits this vulnerability could mount a successful timing attack, guessing hashes or passwords from the observed timing discrepancies.

Remediation

Users can upgrade to Catalyst::Plugin::Authentication version 0.10024 or later, where this vulnerability has been addressed.
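
The class of bug described above, shown as an added Perl example (it is not code from Catalyst::Plugin::Authentication or from its 0.10024 fix): a check built on the built-in `eq` next to a comparison that has no early exit. The function names and sample values are constructed for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

# Built-in comparison: `eq` may return at the first differing byte, so the
# time it takes can depend on how many leading bytes matched.
sub leaky_equals {
    my ($expected, $supplied) = @_;
    return $expected eq $supplied ? 1 : 0;
}

# Comparison without an early exit: every byte pair is XORed and the results
# are ORed together, so a mismatch in the first byte runs the same loop as a
# mismatch in the last byte.
sub constant_time_equals {
    my ($expected, $supplied) = @_;
    return 0 unless defined $expected && defined $supplied;
    utf8::encode($expected);    # work on octets (these are local copies)
    utf8::encode($supplied);
    # A digest's length is public, so rejecting on length reveals no secret.
    return 0 if length($expected) != length($supplied);
    my @e = unpack 'C*', $expected;
    my @s = unpack 'C*', $supplied;
    my $diff = 0;
    $diff |= $e[$_] ^ $s[$_] for 0 .. $#e;
    return $diff == 0 ? 1 : 0;
}

# Constructed sample data: a stored hex digest and two submitted values,
# one correct and one differing only in its final character.
my $stored = sha256_hex('constructed-sample-secret');
for my $attempt ('constructed-sample-secret', 'constructed-sample-secreT') {
    my $digest = sha256_hex($attempt);
    printf "%-28s eq=%d constant_time=%d\n",
        $attempt,
        leaky_equals($stored, $digest),
        constant_time_equals($stored, $digest);
}
```

Both functions return the same answers; they differ only in whether the amount of work depends on where the first mismatch occurs.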

Added: May 21, 2026, 10:45 PM
Updated: May 21, 2026, 10:45 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.1
remediation: 0.0
relevance: 8.9
threat: 3.2
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.