CVE-2021-46250: SECURITY: Use strict comparison when authenticating · ScratchVerifier/ScratchOAuth2@a91879b
An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879bd58fa83b09283c0708a1864cdf067c64a allows attackers to authenticate as other users on downstream components that rely on ScratchOAuth2.
SECURITY: Use strict comparison when authenticating
Incorrect comparison (autocasting) in SOA2Login::commented in ScratchOAuth2 allows unprivileged attackers to authorize as other users on downstream components that rely on ScratchOAuth2, as demonstrated by "1234567890" and "123456789e1".
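The commit message's "autocasting" refers to PHP's loose comparison of numeric strings: with `==`/`!=`, two strings that both parse as numbers are compared numerically, so "123456789e1" (123456789 × 10) is equal to "1234567890". The following is an added illustration, not code from the ScratchOAuth2 repository; it reimplements the shape of the author check with a constructed comment format and regex (the project's real SOA2_COMMENTS_REGEX and comment layout are not reproduced), placing the pre-fix loose comparison beside the fixed strict one.

```php
<?php
declare(strict_types=1);

// Added example, not ScratchOAuth2 code. The regex and comment text below are
// constructed for this illustration: each comment line reads "<author>: <code>".
const EXAMPLE_COMMENTS_REGEX = '/^(\S+): (\S+)$/m';

// Constructed sample comment feed: a single comment posted by the account
// "123456789e1". The account "1234567890" has posted nothing.
const SAMPLE_COMMENTS = "123456789e1: abcdef\n";

// Pre-fix shape of the check: loose (!=) comparison of comment author against
// the requested username.
function commentedLoose(string $comments, string $username, string $code): bool {
    $matches = [];
    preg_match_all(EXAMPLE_COMMENTS_REGEX, $comments, $matches, PREG_PATTERN_ORDER);
    for ($i = 0; $i < count($matches[0]); ++$i) {
        // Both operands are numeric strings, so PHP compares them as numbers and
        // "123456789e1" != "1234567890" evaluates to false: the author check passes.
        if (strtolower($matches[1][$i]) != $username) continue;
        // hash_equals(known, user-supplied): timing-safe, and already type-strict.
        if (hash_equals($code, $matches[2][$i])) return true;
    }
    return false;
}

// Post-fix shape of the check: strict (!==) comparison, which compares the two
// strings byte for byte with no numeric coercion.
function commentedStrict(string $comments, string $username, string $code): bool {
    $matches = [];
    preg_match_all(EXAMPLE_COMMENTS_REGEX, $comments, $matches, PREG_PATTERN_ORDER);
    for ($i = 0; $i < count($matches[0]); ++$i) {
        if (strtolower($matches[1][$i]) !== $username) continue;
        if (hash_equals($code, $matches[2][$i])) return true;
    }
    return false;
}

// Regression-style check a maintainer could keep next to the fix: the strict
// version must reject the spoofed author and still accept the real one.
function strictRejectsNumericAlias(): bool {
    $spoofedAccepted = commentedStrict(SAMPLE_COMMENTS, '1234567890', 'abcdef');
    $realAccepted    = commentedStrict(SAMPLE_COMMENTS, '123456789e1', 'abcdef');
    return !$spoofedAccepted && $realAccepted;
}

var_dump(commentedLoose(SAMPLE_COMMENTS, '1234567890', 'abcdef'));
var_dump(commentedStrict(SAMPLE_COMMENTS, '1234567890', 'abcdef'));
var_dump(strictRejectsNumericAlias());
```

Run with the PHP CLI: the loose variant reports the comment as belonging to "1234567890" even though no such account commented, the strict variant does not, and `strictRejectsNumericAlias()` is true. The same numeric coercion applies to other pairs of numeric-looking strings (for example leading zeros, or a trailing ".0"), which is why the fix is the operator change rather than filtering specific usernames.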
1 parent 0ead14a commit a91879bd58fa83b09283c0708a1864cdf067c64a
Showing with 1 addition and 1 deletion.
- +1 −1 includes/common/login.php
@@ -52,7 +52,7 @@ public static function commented( string $username, string $code ) {
$matches = [];
preg_match_all(SOA2_COMMENTS_REGEX, $comments, $matches, PREG_PATTERN_ORDER);
for ($i = 0; $i < count($matches[0]); ++$i) {
if (strtolower($matches[1][$i]) != $username) continue;
if (strtolower($matches[1][$i]) !== $username) continue;
if (hash_equals($code, $matches[2][$i])) return true; // Step 22
}
return false;
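Review bot: the `!=` to `!==` change on the `strtolower($matches[1][$i])` line is the right fix, since with `!=` two numeric strings are compared as numbers and the commit message's "1234567890" and "123456789e1" are treated as equal, so a comment from a differently named account passes the author check. Two follow-ups: add a regression test that calls `commented()` with exactly those two strings so the loose comparison cannot be reintroduced, and either apply `strtolower` to `$username` inside the function or document that callers must pass it lowercased, because the comparison is now byte-exact on both sides. The `hash_equals($code, $matches[2][$i])` call below it is already type-strict and has the known value first, so no change is needed there.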