Lucene search

K
githubGitHub Advisory DatabaseGHSA-FQW7-839J-HVXJ
HistoryMay 14, 2024 - 6:31 p.m.

PHP Censor uses a weak hashing algorithm for the remember me key

2024-05-1418:31:02
CWE-327
GitHub Advisory Database
github.com
3
php censor
weak hashing algorithm
remember key
vulnerability
bruteforce
accounts
software

6.9 Medium

AI Score

Confidence

High

0 Low

EPSS

Percentile

0.0%

php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a weak hashing algorithm for its remember_key value. This allows attackers to bruteforce to bruteforce the remember_key value to gain access to accounts that have checked “remember me” when logging in.

Affected configurations

Vulners
Node
phpphpRange<2.0.13
OR
phpphpRange<2.1.5

6.9 Medium

AI Score

Confidence

High

0 Low

EPSS

Percentile

0.0%

Related for GHSA-FQW7-839J-HVXJ