php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a weak hashing algorithm for its remember_key value. This allows attackers to bruteforce to bruteforce the remember_key value to gain access to accounts that have checked “remember me” when logging in.
CPE | Name | Operator | Version |
---|---|---|---|
php-censor/php-censor | lt | 2.0.13 | |
php-censor/php-censor | lt | 2.1.5 |