php-censor/php-censor is vulnerable due to its use of a weak hashing algorithm. The rememberKey is generated using only the MD5 hash of the login timestamp, without adding any randomness or salt, making it susceptible to brute-force attacks. An attacker can compute the rememberKey by iterating over a potential timeframe of login attempts, thereby gaining unauthorized access to accounts with the “remember me” option enabled.
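The weak pattern described above next to a hardened one, as an added example that is not php-censor's own code or its actual fix. The function names and the one-second timestamp resolution are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Weak pattern from the advisory (illustrative reconstruction, not the
// project's source): the key is a pure function of the login time.
function weakRememberKey(int $loginTimestamp): string
{
    return md5((string) $loginTimestamp);
}

// Hardened pattern: 256 bits from the OS CSPRNG, independent of any
// value an outsider can estimate.
function strongRememberKey(): string
{
    return bin2hex(random_bytes(32));
}

// Persist only a hash of the key, so a leaked user table does not
// directly yield usable "remember me" cookies.
function storedForm(string $rememberKey): string
{
    return hash('sha256', $rememberKey);
}

// Constant-time comparison of the presented cookie against the stored hash.
function verifyRememberKey(string $cookieValue, string $storedHash): bool
{
    return hash_equals($storedHash, storedForm($cookieValue));
}

// Constructed sample input: two logins recorded in the same second.
$ts = 1700000000;
printf("weak keys collide for same-second logins: %s\n",
    var_export(weakRememberKey($ts) === weakRememberKey($ts), true));
printf("strong keys collide: %s\n",
    var_export(strongRememberKey() === strongRememberKey(), true));

// Size of the space a defender should assume an attacker must search.
printf("timestamp-derived keys in a 24h window (1s resolution): %d\n", 24 * 60 * 60);
printf("random_bytes(32) keys: 2^%d\n", 32 * 8);

$key    = strongRememberKey();
$stored = storedForm($key);
printf("valid cookie accepted: %s\n", var_export(verifyRememberKey($key, $stored), true));
printf("timestamp-derived guess accepted: %s\n",
    var_export(verifyRememberKey(weakRememberKey($ts), $stored), true));
```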
CPE | Name | Operator | Version |
---|---|---|---|
php-censor/php-censor | le | 2.1.4 | |
php-censor/php-censor | le | 2.0.12 | |