CVE-2017-20240
MEDIUMDescription
Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key.
Is your site exposed to CVE-2017-20240?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2017-20240? +
How severe is CVE-2017-20240? +
How do I check if I'm vulnerable to CVE-2017-20240? +
Related Vulnerabilities
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash …
SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) …
Quiet is an alternative to team chat apps like Slack, Discord, and Element that does not require trusting a central …
Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows …
Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to …
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash …