/ 
Catalyst-Plugin-Authentication-0.10007_01 UNAUTHORIZED RELEASE
Security Advisories (1)
CVE-2026-5091 (2026-05-21)

Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password.

Changes for version 0.10007_01 - 2008-06-11

  • Some documentation fixes (including RT #36062)
  • Compatibility fix where the use of new style config and old style Authentication::Store::Minimal would cause a crash (Reported & fixed by Jos Boumans C<kane@cpan.org>)

Documentation

Catalyst::Authentication::Store
All about authentication stores
Catalyst::Plugin::Authentication::Internals
All about authentication Stores and Credentials

Modules

Catalyst::Authentication::Credential::Password
Authenticate a user with a password. UNAUTHORIZED
Catalyst::Authentication::Realm
Base class for realm objects. UNAUTHORIZED
Catalyst::Authentication::Realm::Compatibility
Compatibility realm object UNAUTHORIZED
Catalyst::Authentication::Store::Minimal
Minimal authentication store UNAUTHORIZED
Catalyst::Authentication::Store::Null
Null authentication store UNAUTHORIZED
Catalyst::Authentication::User
Base class for user objects. UNAUTHORIZED
Catalyst::Authentication::User::Hash
An easy authentication user object based on hashes. UNAUTHORIZED
Catalyst::Plugin::Authentication
Infrastructure plugin for the Catalyst authentication framework.
Catalyst::Plugin::Authentication::Credential::Password
Compatibility shim
Catalyst::Plugin::Authentication::Store::Minimal
Compatibility shim
Catalyst::Plugin::Authentication::User
Catalyst::Plugin::Authentication::User::Hash
Compatibility shim

Other files