21 matches found
GHSA-5HFV-C864-QCQ9 CI4MS has a Deactivated User Session Bypass (active=0)
Summary: The auth filter has the deactivated/banned user check commented out. Details: CodeIgniter Shield's loggedIn re-checks the status field, catching status='banned', but does not re-check the active field for existing sessions. When an admin deactivates a user (active=0) after they have already...
CI4MS has a Deactivated User Session Bypass (active=0)
Summary: The auth filter has the deactivated/banned user check commented out. Details: CodeIgniter Shield's loggedIn re-checks the status field, catching status='banned', but does not re-check the active field for existing sessions. When an admin deactivates a user (active=0) after they have already...
EUVD-2022-6486
Malicious code in bioql PyPI...
EUVD-2023-3035
Malicious code in bioql PyPI...
EUVD-2023-2984
Malicious code in bioql PyPI...
EUVD-2023-0978
Malicious code in bioql PyPI...
CVE-2023-48708
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token which can then b...
CVE-2023-27580
CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easier to crack than expected due to the vulnerability...
Authorization
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. The secretKey value is an important key for HMAC SHA256 authentication and in affected versions was stored in the database in cleartext form. If a malicious person somehow had access to the data in the database,...
Authorization
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token which can then b...
CVE-2023-48707 Cleartext Storage of Sensitive Information in codeigniter4/shield
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. The secretKey value is an important key for HMAC SHA256 authentication and in affected versions was stored in the database in cleartext form. If a malicious person somehow had access to the data in the database,...
CVE-2023-48708 Insertion of Sensitive Information into Log in codeigniter4/shield
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token which can then b...
CodeIgniter Shield Security Vulnerabilities
CodeIgniter Shield is the authentication and authorization module for CodeIgniter 4 from CodeIgniter, Inc. A security vulnerability exists in CodeIgniter Shield versions prior to 1.0.0-beta.8 that stems from the use of plaintext to store sensitive information in HMAC SHA256 authentication...
CodeIgniter Shield Log Information Disclosure Vulnerability
CodeIgniter Shield is the authentication and authorization module for CodeIgniter 4 from CodeIgniter, Inc. The vulnerability in CodeIgniter Shield versions prior to 1.0.0-beta.8 stems from the presence of a log message disclosure vulnerability...
CVE-2023-27580 CodeIgniter Shield Password Shucking Vulnerability
CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easier to crack than expected due to the vulnerability...
CodeIgniter Shield Security Vulnerability
CodeIgniter Shield is the authentication and authorization module for CodeIgniter 4 from CodeIgniter, Inc. CodeIgniter Shield has a security vulnerability that stems from hashed passwords being easier to crack than expected...
PT-2023-21223 · Unknown · Codeigniter Shield
Name of the Vulnerable Software and Affected Versions: CodeIgniter Shield versions 1.0.0-beta.3 and earlier Description: An improper implementation was found in the password storage process, making all hashed passwords stored in affected versions easier to crack than expected. If an attacker...
CVE-2022-35943 SameSite may allow cross-site request forgery (CSRF) protection to be bypassed
Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow SameSite Attackers to bypass the CodeIgniter4 CSRF protection mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct (or indirect, e.g., XSS) control over a...