GHSA-fqw7-839j-hvxj

Source
https://github.com/advisories/GHSA-fqw7-839j-hvxj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-fqw7-839j-hvxj/GHSA-fqw7-839j-hvxj.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-fqw7-839j-hvxj
Aliases
  • CVE-2024-34914
Published
2024-05-14T18:31:02Z
Modified
2024-05-14T22:12:09.229735Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
PHP Censor uses a weak hashing algorithm for the remember me key
Details

php-censor v2.1.4 (fixed in v2.1.5) was discovered to use a weak hashing algorithm for its rememberkey value. This allows attackers to brute-force the rememberkey value and gain access to accounts that checked "remember me" when logging in.

Database specific
{
    "nvd_published_at": "2024-05-14T16:17:30Z",
    "cwe_ids": [
        "CWE-327"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-14T21:49:09Z"
}
References

Affected packages

Packagist / php-censor/php-censor

Package

Name
php-censor/php-censor
Purl
pkg:composer/php-censor/php-censor

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.1.0
Fixed
2.1.5

Affected versions

2.*

2.1.0
2.1.1
2.1.2
2.1.3
2.1.4

Packagist / php-censor/php-censor

Package

Name
php-censor/php-censor
Purl
pkg:composer/php-censor/php-censor

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.0.13

Affected versions

0.*

0.1.0
0.2.0
0.3.0
0.4.0
0.5.0
0.6.0
0.7.0
0.8.0
0.9.0
0.10.0
0.11.0
0.12.0
0.13.0
0.14.0
0.15.0
0.16.0
0.17.0
0.18.0
0.19.0
0.20.0
0.21.0
0.22.0
0.23.0
0.24.0
0.25.0

1.*

1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.0.15
1.0.16
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7

2.*

2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.10
2.0.11
2.0.12