Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
PHP Use of Password Hash With Insufficient Computational Effort Vulnerability - CVE-2023-0567 - Vulnerability Database
PHP

PHP Use of Password Hash With Insufficient Computational Effort Vulnerability - CVE-2023-0567

Medium
Reference: CVE-2023-0567
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2023-0567
Title: PHP Use of Password Hash With Insufficient Computational Effort Vulnerability
Overview:

In PHP 8.0.X before 8.0.28 8.1.X before 8.1.16 and 8.2.X before 8.2.3 password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database it may lead to an application allowing any password for this entry as valid.