php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a weak hashing algorithm for its remember_key value. This allows attackers to bruteforce to bruteforce the remember_key value to gain access to accounts that have checked “remember me” when logging in.
[
{
"cpes": [
"cpe:2.3:a:php-censor:php-censor:2.1.5:*:*:*:*:*:*:*"
],
"vendor": "php-censor",
"product": "php-censor",
"versions": [
{
"status": "affected",
"version": "2.1.4",
"lessThan": "2.1.5",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]