/ 
Catalyst-Plugin-Authentication-0.09999_01
/ Catalyst::Plugin::Authentication::User
Security Advisories (2)
CVE-2026-5091 (2026-05-21)

Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password.

CVE-2009-10007 (2026-06-09)

Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim.

NAME

Catalyst::Plugin::Authentication::User - Base class for user objects.

SYNOPSIS

package MyStore::User;
use base qw/Catalyst::Plugin::Authentication::User/;

DESCRIPTION

This is the base class for authenticated

METHODS

id

A unique ID by which a user can be retrieved from the store.

store

Should return a class name that can be used to refetch the user using it's ID.

supports

An introspection method used to determine what features a user object has, to support credential and authorization plugins.

1 POD Error

The following errors were encountered while parsing the POD:

Around line 112:

Expected text after =item, not a bullet