/ 
Catalyst-Plugin-Authentication-0.09999_01
Security Advisories (1)
CVE-2026-5091 (2026-05-21)

Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password.

Changes for version 0.09999_01

  • major changes to the internals of the plugin, to better encapsulate credentials and stores.
  • introduction of 'realms' concept, allowing multiple different pairs of credential and store in a single application.

Documentation

Catalyst::Plugin::Authentication::Internals
All about authentication Stores and Credentials
Catalyst::Plugin::Authentication::Store
All about authentication stores

Modules

Catalyst::Plugin::Authentication
Infrastructure plugin for the Catalyst authentication framework.
Catalyst::Plugin::Authentication::Credential::Password
Authenticate a user with a password.
Catalyst::Plugin::Authentication::Store::Minimal
Minimal authentication store.
Catalyst::Plugin::Authentication::Store::Minimal
Authentication database in < $c-config >>.
Catalyst::Plugin::Authentication::User
Base class for user objects.
Catalyst::Plugin::Authentication::User::Hash
An easy authentication user object based on hashes.

Other files