CVE-2020-23355 · CVEKit

cve.orgen

311 chars

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /componetns/user/class.user.php:Authenticate() is vulnerable in magic hash authentication bypass. If encrypted or hash value for the passwords form certain formats of magic hash, e.g, 0e123, another hash value 0e234 something can successfully authenticate.

NVDen

311 chars

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /componetns/user/class.user.php:Authenticate() is vulnerable in magic hash authentication bypass. If encrypted or hash value for the passwords form certain formats of magic hash, e.g, 0e123, another hash value 0e234 something can successfully authenticate.

OSV.deven

276 chars

Codiad 2.8.4 `/componetns/user/class.user.php:Authenticate()` is vulnerable in magic hash authentication bypass. If encrypted or hash value for the passwords form certain formats of magic hash, e.g, `0e123`, another hash value `0e234[something]` can successfully authenticate.

GHSAen

276 chars

Codiad 2.8.4 `/componetns/user/class.user.php:Authenticate()` is vulnerable in magic hash authentication bypass. If encrypted or hash value for the passwords form certain formats of magic hash, e.g, `0e123`, another hash value `0e234[something]` can successfully authenticate.

NVDes

343 chars

** PRODUCTO NO COMPATIBLE CUANDO SE ASIGNÓ ** Codiad versión 2.8.4, /componetns/user/class.user.php:Authenticate() es vulnerable en una omisión de autenticación del hash mágico. Si el valor cifrado o hash de las contraseñas forma determinados formatos de hash mágico, por ejemplo, 0e123, otro valor hash 0e234 puede autenticarse con éxito

CVSS metrics across sources

3

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N