CVE-2023-1307: type-safe comparison of md5-compatibility hash-validation · Froxlor/Froxlor@6777fbf

Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13.


type-safe comparison of md5-compatibility hash-validation

Signed-off-by: Michael Kaufmann [email protected]

d00p committed

Feb 22, 2023

1 parent 23f1f79 commit 6777fbf

Showing 1 changed file with 1 addition and 1 deletion.

2 lib/Froxlor/System/Crypt.php

@@ -198,7 +198,7 @@ public static function validatePasswordLogin(

$update_hash = true;

}

if ($pwd_hash == $pwd_check || password_verify($password, $pwd_hash)) {

if ($pwd_hash === $pwd_check || password_verify($password, $pwd_hash)) {

// check for update of hash (only if our database is ready to handle the bigger string)

$is_ready = Froxlor::versionCompare2("0.9.33", Froxlor::getVersion()) <= 0;

if ((password_needs_rehash($pwd_hash, $algo) || $update_hash) && $is_ready) {
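
Review bot: The changed condition, $pwd_hash === $pwd_check, is now type-safe but still not a constant-time comparison; consider hash_equals($pwd_hash, $pwd_check) on this md5-compatibility path. The removed == compared two numeric-looking strings as numbers, so two different hex digests of the form 0e followed only by digits evaluated as equal, which is the bypass this line closes. hash_equals keeps the strict string semantics and also avoids leaking the position of the first mismatching byte through timing. The assignment of $pwd_check is outside the visible context, so confirm both operands are always strings at this point. A regression test that feeds two distinct 0e-style digests through validatePasswordLogin would keep the loose comparison from coming back.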

Related news

GHSA-j83x-r9qq-9g4v: Froxlor is vulnerable to authentication bypass
