Security Advisories (2)
CVE-2026-5091 (2026-05-21)

Catalyst::Plugin::Authentication versions through 0.10024 for Perl are susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying hash or password.

CVE-2009-10007 (2026-06-09)

Catalyst::Plugin::Authentication versions before 0.10_027 for Perl are susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker who obtains a session id cookie can use it to impersonate the victim.

Changes for version 0.10009_01

  • Fix POD escaping, from RT#38694 (Luke Ross)
  • Change authentication backwards compatibility handling to not rely on Class::Data::Inheritable side effects, and so be Catalyst 5.80 safe (t0m)

Documentation

All about authentication stores
All about authentication Stores and Credentials

Modules

Authenticate a user with a password.
Base class for realm objects.
Authenticate against multiple realms
Minimal authentication store
Null authentication store
Base class for user objects.
An easy authentication user object based on hashes.
Infrastructure plugin for the Catalyst authentication framework.