php: password_verify() always returns true with some hashes
A vulnerability was found in PHP. This security flaw occurs when malformatted BCrypt hashes that include a $ within their salt part trigger a buffer overread and may erroneously validate any password as valid...
SUSE: Security Advisory (SUSE-SU-2023:2783-1)
The remote host is missing an update for the ... Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets (SUSE-SU-2023:2783-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2783-1 advisory. - aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data...
springframework: BCrypt skips salt rounds for work factor of 31
A flaw was found in Spring Framework. The encoder does not perform any salt rounds when using the BCrypt class with the maximum work factor 31 due to an integer overflow error...
Bcrypt, a Popular Password Hashing Algorithm, Starts Its Long Goodbye
The coinventor of “bcrypt” is reflecting on the ubiquitous function’s 25 years and channeling cybersecurity’s core themes into electronic dance music...
openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2023:2182-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2182-1 advisory. - Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp...
The vulnerability in the bcrypt hashing algorithm implementation of the system file exporter tool for Prometheus Exporter Toolkit allows an attacker to circumvent security restrictions and gain unauthorized access to protected information.
The vulnerability in the bcrypt hashing algorithm implementation of the Prometheus Exporter Toolkit's file export function concerns an authentication bypass when processing the web.yml file. Exploiting this vulnerability can allow attackers to circumvent security restrictions and...
SUSE: Security Advisory (SUSE-SU-2023:0514-1)
The remote host is missing an update for the ... Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
CLSA-2023-1679350425 php: Fix of 3 CVEs
CVE-2023-0567: crypt: Fix validation of malformed BCrypt hashes - CVE-2023-0568: Fix array overrun when appending slash to paths - CVE-2023-0662: Fix DoS vulnerability when parsing multipart request body...
CLSA-2023-1678396156 php: Fix of 3 CVEs
CVE-2023-0567: crypt: Fix validation of malformed BCrypt hashes - CVE-2023-0568: Fix array overrun when appending slash to paths - CVE-2023-0662: Fix DoS vulnerability when parsing multipart request body...
CLSA-2023-1678395661 php: Fix of 3 CVEs
CVE-2023-0567: crypt: Fix validation of malformed BCrypt hashes - CVE-2023-0568: Fix array overrun when appending slash to paths - CVE-2023-0662: Fix DoS vulnerability when parsing multipart request body...
CLSA-2023-1677784124 Fix CVE(s): CVE-2023-0662, CVE-2023-0568, CVE-2023-0567
SECURITY UPDATE: Invalid validation of BCrypt hashes - debian/patches/CVE-2023-0567.patch: Remove "PHP Hack" to fix validation of malformed BCrypt hashes - CVE-2023-0567 SECURITY UPDATE: Unauthorized data access or modification - debian/patches/CVE-2023-0568.patch: Fix array overrun when appendin...
Debian: Security Advisory (DSA-5363-1)
The remote host is missing an update for the Debian ... Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
[SECURITY] [DSA 5363-1] php7.4 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5363-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 24, 2023 https://www.debian.org/security/faq -...
SUSE-SU-2023:0515-1 Security update for php74
This update for php74 fixes the following issues: - CVE-2023-0568: Fixed NULL byte off-by-one in php_check_specific_open_basedir (bnc#1208366). - CVE-2023-0662: Fixed DoS vulnerability when parsing multipart request body (bnc#1208367). - CVE-2023-0567: Fixed vulnerability where BCrypt hashes erroneously...
SUSE-SU-2023:0514-1 Security update for php7
This update for php7 fixes the following issues: - CVE-2023-0568: Fixed NULL byte off-by-one in php_check_specific_open_basedir (bnc#1208366). - CVE-2023-0662: Fixed DoS vulnerability when parsing multipart request body (bnc#1208367). - CVE-2023-0567: Fixed vulnerability where BCrypt hashes erroneously...
SUSE-SU-2023:0513-1 Security update for php7
This update for php7 fixes the following issues: - CVE-2023-0568: Fixed NULL byte off-by-one in php_check_specific_open_basedir (bnc#1208366). - CVE-2023-0662: Fixed DoS vulnerability when parsing multipart request body (bnc#1208367). - CVE-2023-0567: Fixed vulnerability where BCrypt hashes erroneously...
Multiple SUSE Products: Security Vulnerability
SUSE Linux Enterprise Server is a suite of enterprise server edition Linux operating systems from SUSE, Germany. A security vulnerability exists in SUSE that stems from BCrypt hash misvalidation and affects the following products and versions: openSUSE Leap 15.4, SUSE Enterprise Storage 7, SUSE...
Observable Timing Discrepancy in Login Portal
Description: An observable discrepancy in response times is present in the login portal. When brute forcing valid email accounts, the response time for a valid account is significantly higher than that for an invalid user account. This is likely due to Bcrypt's compare function being used by...
CVE-2023-0567
A vulnerability was found in PHP. This security flaw occurs when malformatted BCrypt hashes that include a $ within their salt part trigger a buffer overread and may erroneously validate any password as valid...