• Home

    Email

    Github

    Donate

  • jamesbrine.com.au

CVE-2023-0567 Information

Mar 05, 2023 cve

Description

In PHP 8.0.X before 8.0.28 8.1.X before 8.1.16 and 8.2.X before 8.2.3 password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database it may lead to an application allowing any password for this entry as valid.

Reference

https://github.com/php/php-src/security/advisories/GHSA-7fj2-8x79-rjf4 https://bugs.php.net/bug.php?id=81744

  • 𝖏𝖆𝖒𝖊𝖘𝖇𝖗𝖎𝖓𝖊.𝖈𝖔𝖒.𝖆𝖚