
CVE-2022-36072: Should use === for hashing instead of ==

SilverwareGames.io is a social network for users to play video games online. In version 1.1.8 and prior, because of a non-obvious PHP behavior, hashes generated by built-in functions and starting with 0e were interpreted in == comparisons as numbers in scientific notation (zero times a power of ten). Therefore, the hash value compared equal to 0. The maintainers fixed this in version 1.1.9 by using === instead of == in comparisons where it is possible (e.g. on sign in/sign up handlers).


Due to an unobvious feature of PHP, hashes generated by built-in functions and starting with the “0e” symbols are being handled as zero multiplied with the e number. Therefore, the value is equal to 0.

This vulnerability has no really big chances of reproduction, since the violator should spend some time to find this and find the victim, and the victim should be “lucky” enough so their password hash will start with "0e".

To fix this, I should use === instead of == in comparisons where it is possible (e.g. on sign in/sign up handlers).
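The comparison behaviour described above, shown next to the strict fix, as an added example that is not SilverwareGames.io code. The function names and the digest strings are constructed for illustration, and hash_equals() is an addition beyond the fix the advisory names.

```php
<?php
declare(strict_types=1);

// Loose comparison, the pre-1.1.9 behaviour the advisory describes.
// Two numeric strings are compared as numbers, and "0e<digits>" parses as
// a float in scientific notation (0 x 10^N).
function looseMatch(string $stored, string $submitted): bool
{
    return $stored == $submitted;
}

// The fix named in the advisory: strict comparison, no type juggling.
function strictMatch(string $stored, string $submitted): bool
{
    return $stored === $submitted;
}

// Addition beyond the advisory: hash_equals() is also type-safe and
// compares in constant time.
function constantTimeMatch(string $stored, string $submitted): bool
{
    return hash_equals($stored, $submitted);
}

// Constructed 32-character digests, not hashes of any real password.
$stored = '0e' . str_repeat('1', 30);
$cases = [
    'identical digest'          => $stored,
    'different 0e+digits value' => '0e' . str_repeat('7', 30),
    'integer-like string "0"'   => '0',
    // A hex letter after "0e" makes the string non-numeric, so even the
    // loose operator falls back to a plain string comparison.
    '0e prefix with hex letter' => '0e' . str_repeat('1', 29) . 'a',
];

foreach ($cases as $label => $submitted) {
    printf(
        "%-28s ==: %-5s  ===: %-5s  hash_equals: %s\n",
        $label,
        var_export(looseMatch($stored, $submitted), true),
        var_export(strictMatch($stored, $submitted), true),
        var_export(constantTimeMatch($stored, $submitted), true)
    );
}
```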
