Описание
php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a weak hashing algorithm for its remember_key value. This allows attackers to bruteforce to bruteforce the remember_key value to gain access to accounts that have checked "remember me" when logging in.
EPSS
Процентиль: 25%
0.00085
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-328
Связанные уязвимости
CVSS3: 6.5
github
больше 1 года назад
PHP Censor uses a weak hashing algorithm for the remember me key
EPSS
Процентиль: 25%
0.00085
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-328