Lucene search
Veracode Vulnerability DatabaseVERACODE:46906HistoryMay 15, 2024 - 4:01 a.m.
Weak Hashing Algorithm
2024-05-1504:01:13
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
weak hashing
php-censor
vulnerability
md5
brute-force
unauthorized access
php-censor/php-censor is vulnerable to a Weak Hashing Algorithm. The vulnerability is due to the rememberKey being generated using only the MD5 hash of the login timestamp without adding any randomness or salt, making it susceptible to brute-force attacks. This allows attackers to easily compute the rememberKey by iterating over a potential timeframe of login attempts, thereby gaining unauthorized access to accounts with the “remember me” option enabled.
| CPE | Name | Operator | Version |
|---|---|---|---|
| php-censor/php-censor | le | 2.1.4 | |
| php-censor/php-censor | le | 2.0.12 | |
| php-censor/php-censor | le | 2.1.4 | |
| php-censor/php-censor | le | 2.0.12 |
Related
osv
osv
PHP Censor uses a weak hashing algorithm for the remember me key
2024-05-14 18:31:02
cve
cve
CVE-2024-34914
2024-05-14 16:17:30
nvd
nvd
CVE-2024-34914
2024-05-14 16:17:30
cvelist
cvelist
CVE-2024-34914
1976-01-01 00:00:00
vulnrichment
vulnrichment
CVE-2024-34914
1976-01-01 00:00:00
github
github
PHP Censor uses a weak hashing algorithm for the remember me key
2024-05-14 18:31:02