codeigniter4/shield is vulnerable to Authentication Bypass. The vulnerability is due to a weak implementation of the password storage functionality, which allows an attacker who has access to a user’s hashed password to crack the password.
blog.ircmaxell.com/2015/03/security-issue-combining-bcrypt-with.html
cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pre-hashing-passwords
github.com/advisories/GHSA-c5vj-f36q-p9vg
github.com/codeigniter4/shield/blob/develop/UPGRADING.md
github.com/codeigniter4/shield/commit/ea9688dd01d100193d834117dbfc2cfabcf9ea0b
github.com/codeigniter4/shield/security/advisories/GHSA-c5vj-f36q-p9vg
www.scottbrady91.com/authentication/beware-of-password-shucking