Weak Hashing Algorithm in PHP-Censor Affects User Account Security
CVE-2024-34914

5.3 MEDIUM

Key Information:

Vendor: PHP-Censor

CVE Published: 14 May 2024

What is CVE-2024-34914?

PHP-Censor version 2.1.4 uses a weak hashing algorithm for the 'remember_key' value. An attacker can brute-force the 'remember_key', potentially gaining unauthorized access to user accounts that activated the 'remember me' feature during login. The issue is patched in version 2.1.5. Users are strongly encouraged to upgrade to protect their accounts from such brute-force attacks.
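For comparison, a remember-me key that resists brute force is drawn from a CSPRNG, stored only as a digest, and compared in constant time. The sketch below is an added example, not PHP-Censor's code or its 2.1.5 patch; the function names and the in-memory `$store` array (standing in for a users table) are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: not PHP-Censor code. $store is a hypothetical stand-in
// for the table that holds per-user remember-me state.

/** Issue a key with 256 bits of CSPRNG entropy; returns the cookie value. */
function issueRememberKey(array &$store, int $userId, int $ttlSeconds = 1209600): string
{
    $key = bin2hex(random_bytes(32)); // 64 hex chars, not derived from time or user data
    $store[$userId] = [
        // Only the digest is persisted, so a leaked table yields no usable keys.
        // A fast hash is acceptable here because the input is high-entropy.
        'key_hash' => hash('sha256', $key),
        'expires'  => time() + $ttlSeconds,
    ];
    return $key;
}

/** Validate a presented key; on success the key is rotated (single use). */
function checkRememberKey(array &$store, int $userId, string $presented): ?string
{
    $row = $store[$userId] ?? null;
    if ($row === null || $row['expires'] < time()) {
        unset($store[$userId]); // expired or unknown: drop any stale state
        return null;
    }
    // hash_equals() compares in constant time, avoiding a timing side channel.
    if (!hash_equals($row['key_hash'], hash('sha256', $presented))) {
        return null;
    }
    return issueRememberKey($store, $userId); // new key for the next visit
}

// Constructed demo data: user id 7 logs in with "remember me" ticked.
$store  = [];
$cookie = issueRememberKey($store, 7);

var_dump(checkRememberKey($store, 7, str_repeat('0', 64)) === null); // bool(true): wrong guess rejected
$next = checkRememberKey($store, 7, $cookie);
var_dump(is_string($next) && $next !== $cookie);                     // bool(true): accepted and rotated
var_dump(checkRememberKey($store, 7, $cookie) === null);             // bool(true): old key no longer valid
```

Rate limiting failed remember-me attempts per account and per source address complements this, since it makes online guessing visible in logs as well as slow.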

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published