Veracode Vulnerability DatabaseVERACODE:39323

HistoryFeb 17, 2023 - 10:36 a.m.

Authentication Bypass

2023-02-1710:36:14

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

php

authentication

bypass

vulnerability

password_verify()

hashes

EPSS

0.001

Percentile

24.9%

JSON

PHP is vulnerable to Authentication Bypass. The vulnerability exists because the Password_verify() function always returns true with some hashes, allowing an attacker to modify password hashes.

References

bugs.php.net/bug.php?id=81744

github.com/php/php-src/security/advisories/GHSA-7fj2-8x79-rjf4

secdb.alpinelinux.org/edge/community.yaml

secdb.alpinelinux.org/v3.16/community.yaml

vulnrichment

CVE-2023-0567 password_verify() always returns true for some invalid hashes

2023-02-16 06:15:50

debiancve

CVE-2023-0567

2023-03-01 08:15:11

ubuntucve

CVE-2023-0567

2023-02-15 00:00:00

nvd

CVE-2023-0567

2023-03-01 08:15:11

cbl_mariner

CVE-2023-0567 affecting package php for versions less than 8.1.16-1

2023-03-09 00:25:04

cvelist

CVE-2023-0567 password_verify() always returns true for some invalid hashes

2023-02-16 06:15:50

osv

php7.0 vulnerability

2023-05-02 10:07:08

BIT-php-2023-0567

2024-03-06 11:02:12

CVE-2023-0567

2023-03-01 08:15:11

ubuntu

PHP vulnerability

2023-05-02 00:00:00

PHP vulnerabilities

2023-02-28 00:00:00

alpinelinux

CVE-2023-0567

2023-03-01 08:15:11

cve

CVE-2023-0567

2023-03-01 08:15:11

nessus

CBL Mariner 2.0 Security Update: php (CVE-2023-0567)

2023-03-20 00:00:00

Ubuntu 16.04 ESM : PHP vulnerability (USN-6053-1)

2023-05-02 00:00:00

PHP 8.0.x < 8.0.28 Multiple Vulnerabilities

2023-02-15 00:00:00

prion

Default credentials

2023-03-01 08:15:00

redhatcve

CVE-2023-0567

2023-02-17 12:00:22

openvas

Ubuntu: Security Advisory (USN-6053-1)

2023-05-03 00:00:00

SUSE: Security Advisory (SUSE-SU-2023:0514-1)

2023-03-28 00:00:00

PHP < 8.0.28, 8.1.x < 8.1.16, 8.2.x < 8.2.3 Security Update - Linux

2023-02-15 00:00:00

slackware

[slackware-security] php

2023-02-15 03:06:12

fedora

[SECURITY] Fedora 37 Update: php-8.1.16-1.fc37

2023-02-24 04:47:32

[SECURITY] Fedora 36 Update: php-8.1.16-1.fc36

2023-02-24 03:47:37

mageia

Updated php packages fix security vulnerability

2023-02-27 23:27:16

cloudlinux

php: Fix of 3 CVEs

2023-03-09 21:01:01

altlinux

Security fix for the ALT Linux 10 package php8.2 version 8.2.3-alt1

2023-02-21 00:00:00

Security fix for the ALT Linux 10 package php8.1 version 8.1.16-alt1

2023-02-17 00:00:00

Security fix for the ALT Linux 10 package php8.0 version 8.0.28-alt1

2023-02-21 00:00:00

debian

[SECURITY] [DLA 3345-1] php7.3 security update

2023-02-26 22:00:18

[SECURITY] [DSA 5363-1] php7.4 security update

2023-02-24 19:21:10

rocky

php:8.0 security update

2023-10-24 18:35:47

php:8.1 security update

2024-02-12 20:17:50

php security update

2023-10-24 18:36:55

almalinux

Moderate: php:8.1 security update

2024-01-24 00:00:00

Important: php:8.0 security update

2023-10-19 00:00:00

Important: php security update

2023-10-19 00:00:00

redhat

(RHSA-2023:5926) Important: php security update

2023-10-19 12:43:29

(RHSA-2024:0387) Moderate: php:8.1 security update

2024-01-24 09:41:37

(RHSA-2023:5927) Important: php:8.0 security update

2023-10-19 12:45:04

oraclelinux

php:8.0 security update

2023-10-23 00:00:00

php security update

2023-10-22 00:00:00

php:8.1 security update

2024-01-25 00:00:00

gentoo

PHP: Multiple Vulnerabilities

2024-08-12 00:00:00

HP Device Manager Security Updates

2023-04-13 00:00:00

ics

Siemens SCALANCE XCM-/XRM-300

2024-02-15 12:00:00

oracle

Oracle Critical Patch Update Advisory - October 2023

2023-10-17 00:00:00

Oracle Critical Patch Update Advisory - April 2023

2023-04-18 00:00:00

Authentication Bypass

References

Related