Lucene search

K
osvGoogleOSV:GHSA-FQW7-839J-HVXJ
HistoryMay 14, 2024 - 6:31 p.m.

PHP Censor uses a weak hashing algorithm for the remember me key

2024-05-1418:31:02
Google
osv.dev
2
php
weak hashing
remember me
software vulnerability

6.9 Medium

AI Score

Confidence

High

0 Low

EPSS

Percentile

0.0%

php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a weak hashing algorithm for its remember_key value. This allows attackers to bruteforce to bruteforce the remember_key value to gain access to accounts that have checked “remember me” when logging in.

6.9 Medium

AI Score

Confidence

High

0 Low

EPSS

Percentile

0.0%

Related for OSV:GHSA-FQW7-839J-HVXJ