Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2026-47373

CVE-2026-47373: Perl Crypt::SaltedHash Timing Attack Flaw

CVE-2026-47373 is a timing attack vulnerability in Perl Crypt::SaltedHash versions through 0.09 that allows attackers to guess password hashes. This article covers the technical details, affected versions, and mitigation.

Published:

CVE-2026-47373 Overview

CVE-2026-47373 affects Crypt::SaltedHash versions through 0.09 for Perl. The module is susceptible to timing attacks because it uses Perl's built-in eq operator to compare hash values. The eq operator performs byte-by-byte comparison and returns as soon as a mismatch is found. An attacker measuring the response time of repeated comparisons can incrementally infer the bytes of a stored hash. This class of weakness is tracked as CWE-208: Observable Timing Discrepancy. The maintainer addressed the issue in Crypt-SaltedHash version 0.10 by replacing eq with a constant-time comparison routine named _secure_compare.

Critical Impact

Attackers can leverage timing side channels to recover password hashes used for authentication in Perl applications relying on Crypt::SaltedHash for credential validation.

Affected Products

  • Crypt::SaltedHash Perl module, versions through 0.09
  • Perl applications that use Crypt::SaltedHash for password or credential validation
  • Downstream CPAN distributions bundling Crypt-SaltedHash ≤ 0.09

Discovery Timeline

  • 2026-05-20 - CVE-2026-47373 published to the National Vulnerability Database (NVD)
  • 2026-05-20 - Public discussion posted to the OpenWall OSS Security list
  • 2026-05-20 - Last updated in the NVD database

Technical Details for CVE-2026-47373

Vulnerability Analysis

The vulnerability is a classic timing side-channel issue in cryptographic hash verification. Crypt::SaltedHash is a Perl module that generates and validates salted hashes used for password storage. Validation compares a freshly computed hash against a stored hash. The pre-patch implementation used Perl's standard string equality operator, which short-circuits on the first differing byte.

Because the comparison time correlates with the number of matching leading bytes, an attacker with the ability to submit candidate hashes and measure server response time can deduce the stored hash one byte at a time. Recovery of the hash enables offline brute-force or dictionary attacks against the underlying password without further interaction with the target.

Root Cause

The root cause is the use of a non-constant-time comparison in the validation path of lib/Crypt/SaltedHash.pm. The code returned $gen_hash eq $hash, which exits early when bytes differ. Secure hash verification requires comparing the full length of both operands in time independent of the input contents.

Attack Vector

Exploitation requires the attacker to repeatedly submit candidate hashes or trigger comparisons in a context where response latency can be measured. Suitable targets include authentication endpoints, password reset flows, or API calls that internally invoke Crypt::SaltedHash validate routines. Network jitter increases the number of samples required, but statistical averaging over many requests can still extract the hash.

text
// Pre-patch (vulnerable) vs post-patch comparison in lib/Crypt/SaltedHash.pm
    my $gen_hasheddata = $obj->generate;
    my $gen_hash       = &__get_pass_hash($gen_hasheddata);

-    return $gen_hash eq $hash;
+    return _secure_compare( $gen_hash, $hash );
}

Source: GitHub commit c07bfc5. The patch replaces the short-circuiting eq operator with _secure_compare, a constant-time comparison helper.

Detection Methods for CVE-2026-47373

Indicators of Compromise

  • High volumes of authentication requests from a single source targeting the same account or hash endpoint
  • Unusually consistent request cadence designed to gather precise latency measurements
  • Repeated submissions of structurally similar but incrementally varied hash strings

Detection Strategies

  • Inventory CPAN dependencies and flag any installation of Crypt-SaltedHash at version ≤ 0.09
  • Inspect application source for direct calls to validate() on Crypt::SaltedHash objects in code paths reachable from untrusted input
  • Use software composition analysis (SCA) tooling to match installed module versions against the fixed release 0.10

Monitoring Recommendations

  • Monitor authentication endpoints for abnormal request rates and latency probing patterns
  • Log and alert on repeated failed validations against the same identifier within short time windows
  • Track response time distributions for credential validation endpoints to detect timing oracles being abused

How to Mitigate CVE-2026-47373

Immediate Actions Required

  • Upgrade Crypt-SaltedHash to version 0.10 or later, which introduces _secure_compare
  • Audit application code for any custom hash or token comparisons using eq and replace them with constant-time equivalents
  • Apply rate limiting and account lockout policies on authentication endpoints to reduce timing-attack feasibility

Patch Information

The maintainer published the fix in Crypt-SaltedHash 0.10. The relevant changes are documented in the MetaCPAN release changelog and the upstream GitHub commit patch. The release notes explicitly reference CVE-2026-47373 with the entry "Security: Use constant-time comparison of hashes".

Workarounds

  • Wrap calls to Crypt::SaltedHash validation with a constant-time comparison helper such as Crypt::Util::strconsteq until upgrading is possible
  • Introduce randomized response delays on authentication endpoints to obscure timing signals as a temporary defense
  • Restrict access to credential validation endpoints behind authenticated rate-limited gateways where feasible
bash
# Upgrade Crypt-SaltedHash via cpanm to the patched release
cpanm Crypt::SaltedHash@0.10

# Verify installed version
perl -MCrypt::SaltedHash -e 'print $Crypt::SaltedHash::VERSION, "\n"'

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.