Advisory Database
  • Advisories
  • Dependency Scanning
  1. composer
  2. ›
  3. codiad/codiad
  4. ›
  5. CVE-2020-23355

CVE-2020-23355: Improper Authentication

January 27, 2021 (updated July 21, 2021)

Codiad /componentss/user/class.user.php:Authenticate() is vulnerable in magic hash authentication bypass. If encrypted or hash value for the passwords form certain formats of magic hash, e.g, 0e123, another hash value 0e234 something can successfully authenticate.

References

  • nvd.nist.gov/vuln/detail/CVE-2020-23355

Code Behaviors & Features

Detect and mitigate CVE-2020-23355 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →

Affected versions

Version 2.8.4

Solution

Unfortunately, there is no solution available yet.

Impact 7.5 HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Learn more about CVSS

Weakness

  • CWE-287: Improper Authentication

Source file

packagist/codiad/codiad/CVE-2020-23355.yml

Spotted a mistake? Edit the file on GitLab.

  • Site Repo
  • About GitLab
  • Terms
  • Privacy Statement
  • Contact

Page generated Wed, 14 May 2025 12:16:02 +0000.