Lucene search
Veracode Vulnerability DatabaseVERACODE:39785HistoryMar 15, 2023 - 4:31 p.m.
Authentication Bypass
2023-03-1516:31:43
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
authentication bypass
codeigniter4
shield
weak implementation
password storage
attacker
hashed password
vulnerability
software
EPSS
0.002
Percentile
55.2%
codeigniter4/shield is vulnerable to Authentication Bypass. The vulnerability exists due to a weak implementation of the password storage functionality which allows an attacker to crack the password if they have access to a user’s hashed password.
References
blog.ircmaxell.com/2015/03/security-issue-combining-bcrypt-with.html
cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pre-hashing-passwords
github.com/advisories/GHSA-c5vj-f36q-p9vg
github.com/codeigniter4/shield/blob/develop/UPGRADING.md
github.com/codeigniter4/shield/commit/ea9688dd01d100193d834117dbfc2cfabcf9ea0b
github.com/codeigniter4/shield/security/advisories/GHSA-c5vj-f36q-p9vg
www.scottbrady91.com/authentication/beware-of-password-shucking
Related
github
github
Password Shucking Vulnerability
2023-03-13 20:51:07
nvd
nvd
CVE-2023-27580
2023-03-13 18:15:12
osv
osv
CVE-2023-27580
2023-03-13 18:15:12
Password Shucking Vulnerability
2023-03-13 20:51:07
prion
prion
Authorization
2023-03-13 18:15:00
cvelist
cvelist
CVE-2023-27580 CodeIgniter Shield Password Shucking Vulnerability
2023-03-13 17:14:58
cve
cve
CVE-2023-27580
2023-03-13 18:15:12