Lucene search
GitHub Advisory DatabaseGHSA-FQW7-839J-HVXJHistoryMay 14, 2024 - 6:31 p.m.
PHP Censor uses a weak hashing algorithm for the remember me key
2024-05-1418:31:02
CWE-327
GitHub Advisory Database
github.com
3
php censor
weak hashing algorithm
remember key
vulnerability
bruteforce
accounts
software
php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a weak hashing algorithm for its remember_key value. This allows attackers to bruteforce to bruteforce the remember_key value to gain access to accounts that have checked “remember me” when logging in.
Affected configurations
Node
php-censorphp-censorRange<2.0.13
ORphp-censorphp-censorRange<2.1.5
| CPE | Name | Operator | Version |
|---|---|---|---|
| php-censor/php-censor | lt | 2.0.13 | |
| php-censor/php-censor | lt | 2.1.5 |
Related
osv
osv
PHP Censor uses a weak hashing algorithm for the remember me key
2024-05-14 18:31:02
cve
cve
CVE-2024-34914
2024-05-14 16:17:30
nvd
nvd
CVE-2024-34914
2024-05-14 16:17:30
veracode
veracode
Weak Hashing Algorithm
2024-05-15 04:01:13
cvelist
cvelist
CVE-2024-34914
1976-01-01 00:00:00
vulnrichment
vulnrichment
CVE-2024-34914
1976-01-01 00:00:00