Assigner | mitre |
Updated | 2024-06-04 |
Description
php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a weak hashing algorithm for its remember_key value. This allows attackers to bruteforce to bruteforce the remember_key value to gain access to accounts that have checked "remember me" when logging in.
References
https://chmod744.super.site/redacted-vulnerability