CVE-2026-47373 Overview
CVE-2026-47373 affects Crypt::SaltedHash versions through 0.09 for Perl. The module is susceptible to timing attacks because it uses Perl's built-in eq operator to compare hash values. The eq operator performs byte-by-byte comparison and returns as soon as a mismatch is found. An attacker measuring the response time of repeated comparisons can incrementally infer the bytes of a stored hash. This class of weakness is tracked as CWE-208: Observable Timing Discrepancy. The maintainer addressed the issue in Crypt-SaltedHash version 0.10 by replacing eq with a constant-time comparison routine named _secure_compare.
Critical Impact
Attackers can leverage timing side channels to recover password hashes used for authentication in Perl applications relying on Crypt::SaltedHash for credential validation.
Affected Products
- Crypt::SaltedHash Perl module, versions through 0.09
- Perl applications that use Crypt::SaltedHash for password or credential validation
- Downstream CPAN distributions bundling Crypt-SaltedHash ≤ 0.09
Discovery Timeline
- 2026-05-20 - CVE-2026-47373 published to the National Vulnerability Database (NVD)
- 2026-05-20 - Public discussion posted to the OpenWall OSS Security list
- 2026-05-20 - Last updated in the NVD database
Technical Details for CVE-2026-47373
Vulnerability Analysis
The vulnerability is a classic timing side-channel issue in cryptographic hash verification. Crypt::SaltedHash is a Perl module that generates and validates salted hashes used for password storage. Validation compares a freshly computed hash against a stored hash. The pre-patch implementation used Perl's standard string equality operator, which short-circuits on the first differing byte.
Because the comparison time correlates with the number of matching leading bytes, an attacker with the ability to submit candidate hashes and measure server response time can deduce the stored hash one byte at a time. Recovery of the hash enables offline brute-force or dictionary attacks against the underlying password without further interaction with the target.
Root Cause
The root cause is the use of a non-constant-time comparison in the validation path of lib/Crypt/SaltedHash.pm. The code returned $gen_hash eq $hash, which exits early when bytes differ. Secure hash verification requires comparing the full length of both operands in time independent of the input contents.
Attack Vector
Exploitation requires the attacker to repeatedly submit candidate hashes or trigger comparisons in a context where response latency can be measured. Suitable targets include authentication endpoints, password reset flows, or API calls that internally invoke Crypt::SaltedHash validate routines. Network jitter increases the number of samples required, but statistical averaging over many requests can still extract the hash.
// Pre-patch (vulnerable) vs post-patch comparison in lib/Crypt/SaltedHash.pm
my $gen_hasheddata = $obj->generate;
my $gen_hash = &__get_pass_hash($gen_hasheddata);
- return $gen_hash eq $hash;
+ return _secure_compare( $gen_hash, $hash );
}
Source: GitHub commit c07bfc5. The patch replaces the short-circuiting eq operator with _secure_compare, a constant-time comparison helper.
Detection Methods for CVE-2026-47373
Indicators of Compromise
- High volumes of authentication requests from a single source targeting the same account or hash endpoint
- Unusually consistent request cadence designed to gather precise latency measurements
- Repeated submissions of structurally similar but incrementally varied hash strings
Detection Strategies
- Inventory CPAN dependencies and flag any installation of Crypt-SaltedHash at version ≤ 0.09
- Inspect application source for direct calls to validate() on Crypt::SaltedHash objects in code paths reachable from untrusted input
- Use software composition analysis (SCA) tooling to match installed module versions against the fixed release 0.10
Monitoring Recommendations
- Monitor authentication endpoints for abnormal request rates and latency probing patterns
- Log and alert on repeated failed validations against the same identifier within short time windows
- Track response time distributions for credential validation endpoints to detect timing oracles being abused
How to Mitigate CVE-2026-47373
Immediate Actions Required
- Upgrade Crypt-SaltedHash to version 0.10 or later, which introduces _secure_compare
- Audit application code for any custom hash or token comparisons using eq and replace them with constant-time equivalents
- Apply rate limiting and account lockout policies on authentication endpoints to reduce timing-attack feasibility
Patch Information
The maintainer published the fix in Crypt-SaltedHash 0.10. The relevant changes are documented in the MetaCPAN release changelog and the upstream GitHub commit patch. The release notes explicitly reference CVE-2026-47373 with the entry "Security: Use constant-time comparison of hashes".
Workarounds
- Wrap calls to Crypt::SaltedHash validation with a constant-time comparison helper such as Crypt::Util::strconsteq until upgrading is possible
- Introduce randomized response delays on authentication endpoints to obscure timing signals as a temporary defense
- Restrict access to credential validation endpoints behind authenticated rate-limited gateways where feasible
# Upgrade Crypt-SaltedHash via cpanm to the patched release
cpanm Crypt::SaltedHash@0.10
# Verify installed version
perl -MCrypt::SaltedHash -e 'print $Crypt::SaltedHash::VERSION, "\n"'
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
