Authen-SASL-2.1800

Security Advisories (1)

CVE-2025-40918 (2025-07-16)

Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. According to RFC 2831, The cnonce-value is an opaque quoted string value provided by the client and used by both client and server to avoid chosen plaintext attacks, and to provide mutual authentication. The security of the implementation depends on a good choice. It is RECOMMENDED that it contain at least 64 bits of entropy.

Changes for version 2.1800

Changed
- Minimum required Perl version 5.14+ (from 5.6.0); Digest::HMAC_MD5 was 5.8.1, making 5.8.1 the effective minimum
- Move example code to the eg/ directory
Added
- Mechanisms XOAUTH2 and OAUTHBEARER added
- Include mechanisms available on server when negotiation fails on the client
- Add `_acceptable()` function to allow mechanism implementation classes to decline selection based on the callback values

Modules

Authen::SASL

SASL Authentication framework

Authen::SASL::Perl

Perl implementation of the SASL Authentication framework

Authen::SASL::Perl::ANONYMOUS

Anonymous Authentication class

Authen::SASL::Perl::CRAM_MD5

CRAM MD5 Authentication class

Authen::SASL::Perl::DIGEST_MD5

Digest MD5 Authentication class

Authen::SASL::Perl::EXTERNAL

External Authentication class

Authen::SASL::Perl::GSSAPI

GSSAPI (Kerberosv5) Authentication class

Authen::SASL::Perl::LOGIN

Authen::SASL::Perl::OAUTHBEARER

OAUTHBEARER Authentication class

Authen::SASL::Perl::PLAIN

Plain Login Authentication class

Authen::SASL::Perl::XOAUTH2

XOAUTH2 Authentication class

Provides

Authen::SASL::CRAM_MD5

in lib/Authen/SASL/CRAM_MD5.pm

Authen::SASL::EXTERNAL

in lib/Authen/SASL/EXTERNAL.pm

Examples

Other files

To install Authen::SASL, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Authen::SASL

CPAN shell

perl -MCPAN -e shell
install Authen::SASL

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

Changes for version 2.1800

Modules

Provides

Examples

Other files

Module Install Instructions

Keyboard Shortcuts