CVE-2026-9641 in Crypt::PBKDF2
Summary
by MITRE • 06/12/2026
Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations.
The default algorithm is HMAC-SHA1, which should only be used for legacy systems.
These versions default to using 1000 iterations.
Depending on the chosen algorithm, 220,000 to 1,400,000 iterations should be used.
Analysis
by VulDB Data Team • 06/12/2026
Crypt::PBKDF2 is a Perl module that implements the Password-Based Key Derivation Function 2 algorithm, which is designed to derive cryptographic keys from passwords while making brute force attacks computationally expensive. The vulnerability stems from the module's default configuration parameters, which significantly weaken the security posture of systems relying on it for password hashing and key derivation operations. This weakness creates a substantial attack surface that can be exploited by adversaries seeking to compromise password-based authentication systems.
The technical flaw lies in the module's default algorithm selection of HMAC-SHA1, which represents a deprecated cryptographic standard that should only be considered for compatibility with legacy systems. Modern security practices strongly discourage the use of SHA-1 due to its known vulnerabilities and susceptibility to collision attacks, as documented in various security advisories and standards. Additionally, the default iteration count of only 1000 iterations provides insufficient computational work to protect against modern brute force and dictionary attacks, particularly when attackers have access to specialized hardware or cloud computing resources. The recommended iteration ranges of 220,000 to 1,400,000 iterations for modern implementations represent the minimum requirements to achieve adequate security strength against contemporary attack vectors.
The operational impact of this vulnerability extends beyond simple password hashing to encompass any system that relies on the module for cryptographic key derivation processes. Attackers can leverage the weak default parameters to perform rapid password cracking operations, potentially compromising user accounts, authentication systems, and encrypted data. The vulnerability affects systems that may not explicitly configure the module parameters, creating a widespread security risk across various applications and services. This weakness particularly impacts password recovery systems, authentication tokens, and any cryptographic operations where the module is used to derive keys from user passwords. The reduced iteration count makes offline dictionary attacks feasible within reasonable timeframes, while the deprecated HMAC-SHA1 algorithm provides additional attack vectors that could lead to more sophisticated compromise techniques.
Mitigation strategies should prioritize immediate configuration changes to increase the iteration count to at least 220,000 iterations and preferably to the upper end of the range, 1,400,000 iterations, when possible. System administrators must ensure that all applications using Crypt::PBKDF2 are updated to explicitly configure secure parameters rather than relying on defaults. The module should be configured to use stronger algorithms such as HMAC-SHA256 or HMAC-SHA512 instead of the deprecated HMAC-SHA1. Organizations should conduct comprehensive audits of their systems to identify all instances of the vulnerable module and implement proper security configuration management. Regular security assessments and penetration testing should verify that the updated configurations provide adequate protection against password-based attacks. This vulnerability aligns with CWE-327 (Use of a Broken or Risky Cryptographic Algorithm) and CWE-328 (Use of Weak Hash) while potentially mapping to ATT&CK techniques related to credential access through password cracking and exploitation of weak cryptographic implementations.
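
One way to apply the mitigation above in Perl, added here as an example (it is not code from the advisory or from the Crypt::PBKDF2 project): every parameter is set explicitly, and hashes created with the old defaults are upgraded at the next successful login. The helper names, the 16-byte salt and the sample password are assumptions; the iteration floor is the advisory's lower bound.

```perl
use strict;
use warnings;
use Crypt::PBKDF2;

# Lower bound from the advisory; raise toward 1,400,000 to suit the algorithm.
my $MIN_ITERATIONS = 220_000;

# Every security-relevant parameter is set explicitly, so the result does not
# depend on which module version (and which defaults) is installed.
my $pbkdf2 = Crypt::PBKDF2->new(
    hash_class => 'HMACSHA2',
    hash_args  => { sha_size => 512 },   # HMAC-SHA512
    iterations => $MIN_ITERATIONS,
    salt_len   => 16,                    # assumption: 16-byte random salt
);

# True when a stored hash was produced with parameters the advisory calls weak.
sub needs_rehash {
    my ($stored) = @_;
    my $info = $pbkdf2->decode_string($stored);   # algorithm, iterations, salt, hash
    return 1 if $info->{algorithm} eq 'HMACSHA1';
    return 1 if $info->{iterations} < $MIN_ITERATIONS;
    return 0;
}

# Hypothetical login helper: returns undef on a wrong password, otherwise the
# hash string to keep in the credential store (upgraded if it was weak).
sub verify_and_upgrade {
    my ($stored, $password) = @_;
    # validate() reads algorithm and iteration count from the stored string,
    # so legacy hashes still verify against the hardened object.
    return undef unless $pbkdf2->validate($stored, $password);
    return needs_rehash($stored) ? $pbkdf2->generate($password) : $stored;
}

# Constructed sample: a hash made with the old defaults, spelled out explicitly.
my $legacy = Crypt::PBKDF2->new(hash_class => 'HMACSHA1', iterations => 1000)
                          ->generate('constructed-sample-password');

my $kept = verify_and_upgrade($legacy, 'constructed-sample-password');
printf "legacy weak: %s\n", needs_rehash($legacy) ? 'yes' : 'no';
printf "stored now:  %s\n", $kept;
printf "still weak:  %s\n", needs_rehash($kept) ? 'yes' : 'no';
printf "wrong password rejected: %s\n",
    defined(verify_and_upgrade($kept, 'not-the-password')) ? 'no' : 'yes';
```

The same `needs_rehash` check can be run over an exported credential table to count how many stored hashes still carry the old parameters.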