Upstream information
Description
Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations.The default algorithm is HMAC-SHA1, which should only be used for legacy systems.
These versions default to using 1000 iterations.
Depending on the chosen algorithm, 220,000 to 1,400,000 iterations should be used.
SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
| CVSS detail | CNA (CISA-ADP) |
|---|---|
| Base Score | 5.3 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | Low |
| Integrity Impact | None |
| Availability Impact | None |
| CVSSv3 Version | 3.1 |
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2026-11034 |
SUSE Timeline for this CVE
CVE page created: Fri Jun 12 18:57:35 2026CVE page last modified: Tue Jun 16 12:22:42 2026