2 matches found
PT-2026-46997
Summary: The shared-view password check fell back to strict-equality (===) comparison for legacy plaintext passwords, leaking the password's length and per-character prefix through response timing.
Details: The bcrypt branch (hashes starting with $2a$/$2b$) was unaffected. The legacy fallback in View.t...
PT-2025-15053 · Zendto · Zendto
Name of the Vulnerable Software and Affected Versions: ZendTo versions prior to 5.04-7
Description: A type confusion vulnerability in lib/NSSAuthenticator.php allows remote attackers to bypass authentication for users with passwords stored as MD5 hashes that can be interpreted as numbers. The...