Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks.
These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password.
Exploitability
AV:LAC:HPR:NUI:NScope
S:UImpact
C:HI:NA:N5.1/CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NOther