An issue was discovered in phpLiteAdmin 1.9.5 through 1.9...
Critical severity
Unreviewed
Published
May 14, 2022
to the GitHub Advisory Database
•
Updated Feb 2, 2023
Description
Published by the National Vulnerability Database
Apr 25, 2018
Published to the GitHub Advisory Database
May 14, 2022
Last updated
Feb 2, 2023
An issue was discovered in phpLiteAdmin 1.9.5 through 1.9.7.1. Due to loose comparison with '==' instead of '===' in classes/Authorization.php for the user-provided login password, it is possible to login with a simpler password if the password has the form of a power in scientific notation (like '2e2' for '200' or '0e1234' for '0'). This is possible because, in the loose comparison case, PHP interprets the string as a number in scientific notation, and thus converts it to a number. After that, the comparison with '==' casts the user input (e.g., the string '200' or '0') to a number, too. Hence the attacker can login with just a '0' or a simple number he has to brute force. Strong comparison with '===' prevents the cast into numbers.
References