Security Advisories (2)
CVE-2026-5091 (2026-05-21)

Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password.

CVE-2009-10007 (2026-06-09)

Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim.

NAME

Catalyst::Plugin::Authentication::Store::Minimal::Backend - Minimal authentication storage backend.

SYNOPSIS

# you probably just want Store::Minimal under most cases,
# but if you insist you can instantiate your own store:

use Catalyst::Plugin::Authentication::Store::Minimal::Backend;

use Catalyst qw/
    Authentication
    Authentication::Credential::Password
/;

my %users = (
    user => { password => "s3cr3t" },
);

our $users = Catalyst::Plugin::Authentication::Store::Minimal::Backend->new(\%users);

sub action : Local {
    my ( $self, $c ) = @_;

    $c->login( $users->get_user( $c->req->param("login") ),
        $c->req->param("password") );
}

DESCRIPTION

You probably want Catalyst::Plugin::Authentication::Store::Minimal, unless you are mixing several stores in a single app and one of them is Minimal.

Otherwise, this lets you create a store manually.

METHODS

new $hash_ref

Constructs a new store object, which uses the supplied hash ref as it's backing structure.

get_user $id

Keys the hash by $id and returns the value.

If the return value is unblessed it will be blessed as Catalyst::Plugin::Authentication::User::Hash.

from_session $id

Delegates to get_user.

user_supports

Chooses a random user from the hash and delegates to it.