CVE-2017-20240
Deferred Deferred - Pending Action
Timing Attack Vulnerability in Crypt::PBKDF2 for Perl

Publication date: 2026-06-12

Last updated on: 2026-06-12

Assigner: CPANSec

Description
Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-12
Last Modified
2026-06-12
Generated
2026-06-12
AI Q&A
2026-06-12
EPSS Evaluated
N/A
NVD
CVE-2017-20240
EUVD
EUVD-2017-18978
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
arodland crypt_pbkdf2 to 0.261630 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-208 Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can allow an attacker to perform a timing attack to gradually discover the derived key used in password hashing.

If successful, the attacker could potentially recover sensitive password hashes, weakening the security of stored passwords.

This undermines the confidentiality and integrity of password-based authentication systems relying on the affected Crypt::PBKDF2 versions.

Executive Summary

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks because they use Perl's built-in eq operator for string comparison.

The eq operator can terminate early when comparing unequal strings, which causes discrepancies in timing that attackers can measure.

By analyzing these timing differences, an attacker can guess the underlying derived key one character at a time, potentially compromising password security.

Mitigation Strategies

The vulnerability in Crypt::PBKDF2 versions before 0.261630 is due to the use of Perl's built-in eq operator for string comparison, which leaks timing information and allows timing attacks.

An attempted fix involved replacing the eq operator with a constant-time string comparison function to prevent early termination and timing leaks, but this fix was not merged.

Therefore, immediate mitigation steps include avoiding use of vulnerable versions of Crypt::PBKDF2 and monitoring for updates or patches that implement a constant-time comparison.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2017-20240. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart