If you don't mind me asking, is this taken care of by using the PHP password_verify function, such as in the user class of Atheos, a fork of Codiad?
In your case, I think the password_verify function does not have this kind of problem. Your password encryption function is the PHP built-in function password_hash, which generates hash values starting with $, and this protects it from this kind of bug.
Codiad/components/user/class.user.php:Authenticate() is potentially vulnerable to the magic hash problem, and the authentication can be bypassed in the loose comparison (==).
If the encrypted hash value for the passwords forms certain formats of magic hash, e.g., 0e123…, it can be bypassed. For example, if the server-side stored password hash is a magic hash, then another user can also try a magic hash password to authenticate.
It can be avoided by using a strict comparison "===".
More info about magic hash can be found here
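To make the issue concrete, here is an added example (not Codiad's code) that shows why `==` on two hex digests is unsafe when both look like `0e<digits>`, and how a strict comparison fixes it. It assumes the stored value is a plain md5 hex digest; the two demo inputs are widely published magic-hash test vectors.

```php
<?php
// Added example, not Codiad's code: loose vs. strict comparison of hex digests.

// A "magic hash" is a hex digest that PHP also parses as a numeric string in
// scientific notation: "0e" followed only by digits, which evaluates to 0.
// Defenders can run this over stored hashes to find accounts at risk.
function isMagicHash(string $hash): bool {
    return preg_match('/^0e\d+$/', $hash) === 1;
}

// Vulnerable pattern: loose comparison. If both operands are numeric strings,
// PHP compares them as numbers, so any two magic hashes compare equal.
function authenticateLoose(string $storedHash, string $password): bool {
    return md5($password) == $storedHash;
}

// Fixed pattern: byte-for-byte, constant-time comparison of the two strings.
// (`$storedHash === md5($password)` also avoids the numeric coercion.)
function authenticateStrict(string $storedHash, string $password): bool {
    return hash_equals($storedHash, md5($password));
}

// Constructed demo: md5 of both inputs has the form 0e<digits>.
$storedPassword = '240610708';
$storedHash     = md5($storedPassword);
$attempt        = 'QNKCDZO';

var_dump(isMagicHash($storedHash), isMagicHash(md5($attempt)));
var_dump(authenticateLoose($storedHash, $attempt));   // wrong password accepted
var_dump(authenticateStrict($storedHash, $attempt));  // wrong password rejected
var_dump(authenticateStrict($storedHash, $storedPassword));

// The better fix, as noted in the thread: password_hash()/password_verify().
// Its output starts with "$" and is never a numeric string, and the comparison
// happens inside password_verify() rather than in application code.
```

Note that this behaviour is unchanged in PHP 8: two numeric strings compared with `==` are still compared numerically, so the strict comparison is required regardless of PHP version.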