Lucene search
PRIOn knowledge basePRION:CVE-2023-48707HistoryNov 24, 2023 - 6:15 p.m.
Authorization
2023-11-2418:15:00
PRIOn knowledge base
www.prio-n.com
3
codeigniter shield
vulnerability
authentication
security
version 1.0.0-beta.8
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. The secretKey value is an important key for HMAC SHA256 authentication and in affected versions was stored in the database in cleartext form. If a malicious person somehow had access to the data in the database, they could use the key and secretKey for HMAC SHA256 authentication to send requests impersonating that corresponding user. This issue has been addressed in version 1.0.0-beta.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| shield | eq | 1.0.0 beta | |
| shield | eq | 1.0.0 beta3 | |
| shield | eq | 1.0.0 beta2 | |
| shield | eq | 1.0.0 beta4 | |
| shield | eq | 1.0.0 beta5 | |
| shield | eq | 1.0.0 beta6 | |
| shield | eq | 1.0.0 beta7 |
Related
veracode
veracode
Sensitive Information Stored In Clear Text
2023-11-23 10:51:32
osv
osv
Cleartext Storage of Sensitive Information in HMAC SHA256 Authentication
2023-11-23 00:28:14
CVE-2023-48707
2023-11-24 18:15:07
cve
cve
CVE-2023-48707
2023-11-24 18:15:07
nvd
nvd
CVE-2023-48707
2023-11-24 18:15:07
cvelist
cvelist
github
github
Cleartext Storage of Sensitive Information in HMAC SHA256 Authentication
2023-11-23 00:28:14