Описание
PHP Censor uses a weak hashing algorithm for the remember me key
php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a weak hashing algorithm for its remember_key value. This allows attackers to bruteforce to bruteforce the remember_key value to gain access to accounts that have checked "remember me" when logging in.
Пакеты
Наименование
php-censor/php-censor
composer
Затронутые версииВерсия исправления
>= 2.1.0, < 2.1.5
2.1.5
Наименование
php-censor/php-censor
composer
Затронутые версииВерсия исправления
< 2.0.13
2.0.13
Связанные уязвимости
CVSS3: 5.3
nvd
больше 1 года назад
php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a weak hashing algorithm for its remember_key value. This allows attackers to bruteforce to bruteforce the remember_key value to gain access to accounts that have checked "remember me" when logging in.