CVE-2024-34914

Medium

php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a weak hashing algorithm for its remember_key value. This allows attackers…

mitre·CWE-327·Published 2024-05-14

CVSS

5.3

EPSS

0.00

KEV

Exploits

cve.orgen

266 chars

php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a weak hashing algorithm for its remember_key value. This allows attackers to bruteforce to bruteforce the remember_key value to gain access to accounts that have checked "remember me" when logging in.

NVDen

266 chars

OSV.deven

266 chars

GHSAen

266 chars

NVDes

272 chars

Se descubrió que php-censor v2.1.4 y corregido en v.2.1.5 utiliza un algoritmo hash débil para su valor Remember_key. Esto permite a los atacantes aplicar fuerza bruta al valor de recordar_clave para obtener acceso a cuentas que han marcado "recordarme" al iniciar sesión.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	5.3	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
3.1	Primary	cve.org	5.3	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
3.1	Secondary	GHSA	6.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
3.1	Secondary	NVD	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N