CVE-2026-9641
Deferred Deferred - Pending Action
Weak PBKDF2 Defaults in Crypt::PBKDF2 Perl Module

Publication date: 2026-06-12

Last updated on: 2026-06-12

Assigner: CPANSec

Description
Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000 iterations should be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-12
Last Modified
2026-06-12
Generated
2026-06-12
AI Q&A
2026-06-12
EPSS Evaluated
N/A
NVD
CVE-2026-9641
EUVD
EUVD-2026-36470
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-916 The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability concerns the Crypt::PBKDF2 Perl module versions before 0.261630, which use a weak default password hashing configuration.

Specifically, the default algorithm is HMAC-SHA1, which is considered outdated and suitable only for legacy systems.

Additionally, the default number of iterations is set to 1000, which is significantly lower than recommended values that range from 220,000 to 1,400,000 iterations depending on the algorithm.

Using a weak algorithm and low iteration count reduces the computational effort required to crack hashed passwords, making the system more vulnerable to brute-force attacks.

Compliance Impact

The vulnerability in Crypt::PBKDF2 versions before 0.261630 involves the use of a weak default algorithm (HMAC-SHA1) and a low number of iterations (1000), which are below recommended security standards.

Common standards and regulations such as GDPR and HIPAA require organizations to implement strong security controls to protect sensitive data, including passwords. Using weak password hashing algorithms and insufficient iteration counts increases the risk of password compromise through offline attacks.

According to best practices (e.g., OWASP Password Storage Cheat Sheet), PBKDF2 should use HMAC-SHA-256 with at least 600,000 iterations to ensure adequate protection. The vulnerable versions fall short of these recommendations, potentially leading to non-compliance with security requirements mandated by regulations.

Therefore, systems using the affected versions may fail to meet compliance requirements for protecting stored passwords, increasing the risk of data breaches and regulatory penalties.

Impact Analysis

This vulnerability can impact you by weakening the security of stored passwords if you use the affected Crypt::PBKDF2 versions with default settings.

Because the default algorithm is weak and the iteration count is low, attackers who gain access to hashed passwords can more easily perform offline brute-force attacks to recover the original passwords.

This increases the risk of unauthorized access to user accounts and potentially other systems if users reuse passwords.

Detection Guidance

This vulnerability involves the use of Crypt::PBKDF2 versions before 0.261630 for Perl that use a weak default algorithm (HMAC-SHA1) and a low number of iterations (1000). To detect this vulnerability on your system, you should check the version of Crypt::PBKDF2 installed and inspect the configuration or code to see if the default algorithm and iteration count are being used.

Suggested commands to detect the vulnerable version and configuration include:

  • Check the installed version of Crypt::PBKDF2 in Perl: perl -MCrypt::PBKDF2 -e 'print $Crypt::PBKDF2::VERSION, "\n";'
  • Search your codebase or configuration files for usage of Crypt::PBKDF2 and verify the algorithm and iteration parameters. For example, grep -r 'Crypt::PBKDF2' /path/to/your/code
  • Look for default parameters in the code such as algorithm set to 'HMACSHA1' and iteration count set to 1000.

Since this vulnerability is related to password hashing parameters, network detection is not straightforward; it requires inspection of the software environment and code.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade Crypt::PBKDF2 to version 0.261630 or later, which uses stronger default algorithms and higher iteration counts.

Additionally, configure the password hashing to use a stronger algorithm than HMAC-SHA1, such as HMAC-SHA256, and increase the number of iterations to a secure level between 220,000 and 1,400,000 depending on the algorithm.

Following best practices from the OWASP Password Storage Cheat Sheet can further improve security:

  • Use modern password hashing algorithms like Argon2id, scrypt, or bcrypt if applicable.
  • Add unique, random salts to each password before hashing.
  • Consider using a pepper (a secret value stored separately) for additional defense.
  • Set work factors (iterations) to balance security and performance, aiming for hash computation times under one second.

Finally, re-hash existing passwords with the improved parameters when users authenticate or reset their passwords.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9641. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart