Mallory
Medium

Weak PBKDF2 Defaults in Crypt::PBKDF2 for Perl

Identifiers: CVE-2026-9641; CWE-916 (Use of Password Hash With…)

CVE-2026-9641 affects Crypt::PBKDF2 for Perl versions prior to 0.261630. The vulnerability is caused by insecure default PBKDF2 parameters used by the module for password hashing or key derivation: the default PRF/hash algorithm is HMAC-SHA1 and the default iteration count is only 1000. The advisory states these defaults are no longer appropriate for modern deployments, with HMAC-SHA1 suitable only for legacy compatibility and 1000 iterations providing insufficient computational cost. Current guidance cited in the supporting content recommends substantially higher iteration counts depending on the selected algorithm, approximately 220,000 to 1,400,000 iterations, and the fixed release changes the defaults to HMAC-SHA256 with 600,000 iterations.


ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Use of the affected defaults weakens password storage and PBKDF2-derived secret protection by making offline password guessing and brute-force cracking materially cheaper than intended. If an attacker obtains password hashes or PBKDF2-derived verifiers generated with the vulnerable defaults, the low work factor can significantly reduce the time and cost required to test candidate passwords. The issue does not by itself provide code execution or direct privilege escalation, but it can increase the likelihood of credential recovery and subsequent unauthorized access where derived hashes or keys protect authentication material.

Mitigation

If you can’t patch tonight, do this now.

Do not rely on the module defaults in affected versions. Explicitly configure PBKDF2 to use a stronger PRF from the HMAC-SHA2 family (for example HMAC-SHA256), set an appropriate output length where the implementation context requires one, and raise the iteration count to modern recommended levels. The supporting content cites approximately 220,000 to 1,400,000 iterations depending on the algorithm chosen, with 600,000 iterations for SHA-256 given as an example. For environments that cannot upgrade immediately, enforce these stronger parameters explicitly in application code and prioritize migration away from HMAC-SHA1-based legacy settings.

Remediation

Patch, then assume compromise.

Upgrade Crypt::PBKDF2 to version 0.261630 or later. The fixed release changes the default hash algorithm to HMAC-SHA256 and raises the default iteration count to 600,000 in line with current OWASP guidance. Review existing application configurations to ensure they do not continue to rely on legacy defaults, and where feasible rehash stored passwords or regenerate PBKDF2-derived material using stronger parameters after successful user authentication or through a controlled migration process.
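The mitigation and remediation steps above, as an added Perl example that is not part of the advisory or of the module's own documentation: parameters pinned to HMAC-SHA256 with 600,000 iterations so the code does not depend on whichever defaults the installed version ships, plus the login-time rehash of legacy hashes described under Remediation. It assumes Crypt::PBKDF2's documented constructor options (hash_class, hash_args, iterations, output_len, salt_len), its generate/validate methods, its crypt-style `{X-PBKDF2}ALGO:ITER:SALT:HASH` output format, and that decode_string returns the stored iteration count under an `iterations` key.

```perl
use strict;
use warnings;
use Crypt::PBKDF2;

# Required parameters, equal to the fixed release's new defaults
# (HMAC-SHA256, 600,000 iterations) but set explicitly so that an
# affected version cannot silently fall back to HMAC-SHA1 / 1000.
my $REQUIRED_ITERATIONS = 600_000;

sub strong_pbkdf2 {
    return Crypt::PBKDF2->new(
        hash_class => 'HMACSHA2',
        hash_args  => { sha_size => 256 },
        iterations => $REQUIRED_ITERATIONS,
        output_len => 32,   # 256-bit derived value
        salt_len   => 16,   # 128-bit random salt
    );
}

# Decide whether a stored hash was produced with weaker parameters than
# we require. The PRF and SHA size are part of the string prefix; the
# iteration count is read back by the module (assumed decode_string key).
sub needs_rehash {
    my ($stored) = @_;
    return 1 unless $stored =~ /^\{X-PBKDF2\}HMACSHA2\+256:/;
    my $info = strong_pbkdf2()->decode_string($stored);
    return 1 if $info->{iterations} < $REQUIRED_ITERATIONS;
    return 0;
}

# Login path: validate() honours whatever parameters the stored string
# carries, so legacy hashes still verify; once the user has proven the
# password we upgrade the stored hash while the cleartext is available.
# Returns (login_ok, hash_to_store).
sub verify_and_upgrade {
    my ($stored, $password) = @_;
    my $pbkdf2 = strong_pbkdf2();
    return (0, $stored) unless $pbkdf2->validate($stored, $password);
    return (1, $stored) unless needs_rehash($stored);
    return (1, $pbkdf2->generate($password));
}

# Constructed demo: a hash made with the affected defaults, spelled out
# explicitly so the demo behaves the same on any module version.
my $legacy = Crypt::PBKDF2->new(hash_class => 'HMACSHA1', iterations => 1000)
                          ->generate('correct horse battery staple');
my ($ok, $now) = verify_and_upgrade($legacy, 'correct horse battery staple');
print "login ok=$ok rehashed=", ($now ne $legacy ? 'yes' : 'no'), "\n$now\n";
```

Persist the returned hash whenever it differs from the stored one; hashes that still carry HMACSHA1 or fewer than 600,000 iterations after the migration window are the ones to force-reset.
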

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet; no public exploit code observed for this vulnerability.
