Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1mcXc3LTgzOWotaHZ4as4AA8DF

Moderate EPSS: 0.00062% (0.19781 Percentile) EPSS:
Permalink JSON

PHP Censor uses a weak hashing algorithm for the remember me key

Affected Packages Affected Versions Fixed Versions
packagist:php-censor/php-censor < 2.0.13, >= 2.1.0, < 2.1.5 2.0.13, 2.1.5
0 Dependent packages
0 Dependent repositories
825 Downloads total

Affected Version Ranges

All affected versions

0.1.0, 0.2.0, 0.3.0, 0.4.0, 0.5.0, 0.6.0, 0.7.0, 0.8.0, 0.9.0, 0.10.0, 0.11.0, 0.12.0, 0.13.0, 0.14.0, 0.15.0, 0.16.0, 0.17.0, 0.18.0, 0.19.0, 0.20.0, 0.21.0, 0.22.0, 0.23.0, 0.24.0, 0.25.0, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9, 1.0.10, 1.0.11, 1.0.12, 1.0.13, 1.0.14, 1.0.15, 1.0.16, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.3.7, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4

All unaffected versions

2.0.13, 2.0.14, 2.1.5, 2.1.6

php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a weak hashing algorithm for its remember_key value. This allows attackers to bruteforce to bruteforce the remember_key value to gain access to accounts that have checked "remember me" when logging in.

References:

Identifiers

GHSA-fqw7-839j-hvxj

CVE-2024-34914

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00062

EPSS Percentile: 0.19781

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/php-censor/php-censor

Date and time

Published

about 1 year ago

Updated

about 1 year ago

API

JSON