Lucene search
HistoryMay 14, 2024 - 4:17 p.m.
CVE-2024-34914
php-censor security vulnerability hashing algorithm account access bruteforce remember me logging in cve-2024-34914
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
6.9
Confidence
High
php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a weak hashing algorithm for its remember_key value. This allows attackers to bruteforce to bruteforce the remember_key value to gain access to accounts that have checked “remember me” when logging in.
Related
veracode
veracode
Weak Hashing Algorithm
2024-05-15 04:01:13
osv
osv
PHP Censor uses a weak hashing algorithm for the remember me key
2024-05-14 18:31:02
cve
cve
CVE-2024-34914
2024-05-14 16:17:30
cvelist
cvelist
CVE-2024-34914
1976-01-01 00:00:00
vulnrichment
vulnrichment
CVE-2024-34914
1976-01-01 00:00:00
github
github
PHP Censor uses a weak hashing algorithm for the remember me key
2024-05-14 18:31:02
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
6.9
Confidence
High
Related for NVD:CVE-2024-34914